Description:
I suggest that this action sets `audit=false` in `.npmrc` by default.
Justification:
Setting `audit=false` in `.npmrc` is analogous to passing the `--no-audit` option to `npm install` or `npm ci`.
This option makes npm run an audit check after running `npm install` or `npm ci`. The information gathered is used to log the number of known vulnerabilities after installing the dependencies. The npm output looks something like this:
```
$ npm ci
added 521 packages, and audited 522 packages in 5s
246 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
```
Typically `npm ci` will succeed, so most users will see it like this:
Whether or not there are vulnerabilities doesn’t affect the outcome. It’s only used to log a number to the console that most users will never see in CI.
None of this is a problem. What is a problem, however, is that this is about half the time it took to run `npm ci`. By skipping the audit step, users can save precious CI minutes, which add up in total.
There are better ways to actually see these vulnerabilities, such as GitHub dependency scanning, Dependabot, or actually running `npm audit`.
Are you willing to submit a PR?
Yes
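The following is an added example, not part of the issue above and not code from setup-node or npm: a small POSIX shell helper that sets `audit=false` in a project's `.npmrc` idempotently (replacing an existing `audit=` line instead of appending a duplicate, leaving other keys alone) and reads the effective value back, treating `#`/`;` comment lines and surrounding whitespace the way a reader of an ini-style file would expect. The minimal `.npmrc` parser here is an assumption for illustration; npm's own config parsing handles more cases. The sample `.npmrc` content is constructed.

```shell
#!/bin/sh
# Added example (not from the issue, setup-node or npm): manage the `audit` key
# in a project's .npmrc so that `npm ci` skips the audit step, which the issue
# describes as equivalent to passing --no-audit. Edits are idempotent.

# npmrc_set KEY VALUE FILE: write KEY=VALUE into FILE, dropping any existing
# assignment for KEY (whitespace around the key tolerated); other lines survive.
npmrc_set() {
    key=$1; value=$2; file=$3
    tmp="$file.tmp.$$"
    [ -f "$file" ] || : > "$file"
    # grep -v exits 1 when nothing is left, which is fine for an empty file.
    grep -v -E "^[[:space:]]*$key[[:space:]]*=" "$file" > "$tmp" || true
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
    mv "$tmp" "$file"
}

# npmrc_get KEY FILE: print the effective value of KEY (last assignment wins,
# comment lines starting with # or ; are ignored); prints nothing if unset.
npmrc_get() {
    key=$1; file=$2
    [ -f "$file" ] || return 0
    grep -v -E '^[[:space:]]*[#;]' "$file" \
      | grep -E "^[[:space:]]*$key[[:space:]]*=" \
      | tail -n 1 \
      | sed -E "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*//; s/[[:space:]]*\$//"
}

# audit_disabled FILE: echo "true" when .npmrc turns the audit step off.
audit_disabled() {
    if [ "$(npmrc_get audit "$1")" = "false" ]; then echo true; else echo false; fi
}

# Demo on a constructed .npmrc in a scratch directory.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/.npmrc" <<'EOF'
# constructed sample .npmrc
registry=https://registry.npmjs.org/
audit = true
fund=false
EOF
    npmrc_set audit false "$dir/.npmrc"
    audit_disabled "$dir/.npmrc"      # true
    grep -c '^audit' "$dir/.npmrc"    # 1: old line replaced, not duplicated
    rm -rf "$dir"
}

demo
```

If the audit step is disabled this way, the vulnerability count disappears from the `npm ci` log entirely, so keep a separate `npm audit` step (or one of the scanners named above) in the pipeline rather than relying on the install log.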