tomaspalma changed the title from "audit, which will scan for npm packages vulnerabilities" to "Setup audit github actions, which will scan for npm packages vulnerabilities" on Jul 17, 2024
I think that the dependabot part might be more suitable for the #225 issue.
This one was more to have the npm run audit command run when a PR tries to merge into develop. Although dependabot will alert for vulnerabilities in dependencies already in our project, it won't alert for new dependencies that will be merged by a PR.
Should we enable the second one to open a PR?
I believe it is a good idea even though it may add noise to the PR tab; security is important.
Before merging a pull request, we should have an action that checks if vulnerabilities were found in any of the packages
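A minimal GitHub Actions workflow implementing the check proposed in this thread, added here as an example and not taken from the project's repository: it runs npm's built-in `npm audit` on every pull request that targets `develop` and fails the job when npm reports a vulnerability at or above the chosen severity. The target branch comes from the discussion above; the Node version, the `high` threshold and the workflow file name (`.github/workflows/npm-audit.yml`) are assumptions.

```yaml
# .github/workflows/npm-audit.yml (file name is an assumption)
name: npm audit

on:
  pull_request:
    # Run on PRs that want to merge into develop, so dependencies added by
    # the PR itself are checked before they land (Dependabot only covers
    # what is already on the default branch).
    branches: [develop]

# Read-only token: the job only needs to check out the lockfile.
permissions:
  contents: read

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 20          # assumed Node version
          cache: npm                # requires package-lock.json in the repo

      # npm audit reads package-lock.json and queries the registry's advisory
      # database; it exits non-zero when any vulnerability at or above
      # --audit-level is found, which fails the PR check.
      - run: npm audit --audit-level=high   # threshold is an assumption
```

Because the step's non-zero exit fails the required status check, a PR that introduces a dependency with a known high or critical advisory cannot be merged until it is fixed or the advisory is dismissed, which is exactly the gap relative to Dependabot that the second comment points out. Lowering the level to `moderate` or `low` catches more but adds the noise the third comment mentions.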