use --ignore-scripts on cve build

Author: maoo

.github/workflows/cve-scanning-node.yml

@@ -22,5 +22,5 @@ jobs:
           node-version: ${{ matrix.node-version }}
       - run: npm config set package-lock false
       # TODO - this is ignoring package-lock.json
-      - run: npm install --prod
+      - run: npm install --prod --ignore-scripts
       - run: npx --yes auditjs ossi --whitelist allow-list.json