
Resolve "NPM dependencies: Uploads with bundleDependencies = false"

What does this MR do?

When uploading npm packages, the backend expects all the dependency types to be described as hashes, but that's not always the case. See #198471 (closed).

This MR ensures that before extracting npm dependencies, these are properly described as a Hash.

Screenshots

$ CI_JOB_TOKEN=XXXX npm publish
npm notice 
npm notice 📦  @root/bananas@1.0.0-rc.3
npm notice === Tarball Contents === 
npm notice 1.1kB  LICENSE                
npm notice 12.2kB lib/api/attributes.js  
npm notice 3.0kB  lib/cheerio.js         
npm notice 2.4kB  lib/api/css.js         
npm notice 2.5kB  lib/api/forms.js       
npm notice 170B   index.js               
npm notice 11.0kB lib/api/manipulation.js
npm notice 309B   lib/options.js         
npm notice 2.3kB  lib/parse.js           
npm notice 5.6kB  lib/static.js          
npm notice 11.1kB lib/api/traversing.js  
npm notice 2.3kB  lib/utils.js           
npm notice 2.1kB  package.json           
npm notice 25.9kB History.md             
npm notice 31.1kB Readme.md              
npm notice === Tarball Details === 
npm notice name:          @root/bananas                           
npm notice version:       1.0.0-rc.3                              
npm notice package size:  32.9 kB                                 
npm notice unpacked size: 113.0 kB                                
npm notice shasum:        3cff207a972a4eafcc15783b163ad3bf7fe52905
npm notice integrity:     sha512-IVDkmyab6evBS[...]NPNXDuIUezRWw==
npm notice total files:   15                                      
npm notice 
+ @root/bananas@1.0.0-rc.3
$ cat package.json | grep bundleDependencies
  "bundleDependencies": false,

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Peter Leitzen
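
Added example, not code from this MR or from GitLab: a type check on uploaded package.json metadata that only extracts dependency fields that are actually JSON objects, next to a naive extractor that assumes a Hash. The method names, the list of dependency types, and the sample metadata are assumptions made for illustration.

```ruby
require 'json'

# Hypothetical list of fields to inspect; not taken from GitLab's code.
DEPENDENCY_TYPES = %w[dependencies devDependencies bundleDependencies peerDependencies].freeze

# Returns { type => { name => version_pattern } }, keeping only fields that
# are JSON objects with string keys and values. Anything else (false, arrays,
# strings, nil) is skipped instead of being iterated as a Hash.
def extract_dependencies(package_json)
  DEPENDENCY_TYPES.each_with_object({}) do |type, result|
    value = package_json[type]
    next unless value.is_a?(Hash)

    pairs = value.select { |name, version| name.is_a?(String) && version.is_a?(String) }
    result[type] = pairs unless pairs.empty?
  end
end

# Naive version that trusts the client: every present field is treated as a Hash.
def naive_extract(package_json)
  DEPENDENCY_TYPES.flat_map do |type|
    package_json.fetch(type, {}).map { |name, version| [type, name, version] }
  end
end

# Constructed sample metadata, modelled on the package.json in the screenshot.
SAMPLE = JSON.parse(<<~JSON)
  {
    "name": "@root/bananas",
    "version": "1.0.0-rc.3",
    "dependencies": { "lodash": "^4.17.0" },
    "devDependencies": { "mocha": "^7.0.0", "broken": 42 },
    "bundleDependencies": false
  }
JSON

if __FILE__ == $PROGRAM_NAME
  p extract_dependencies(SAMPLE)
  begin
    naive_extract(SAMPLE)
  rescue NoMethodError => e
    puts "naive extractor failed: #{e.message}"
  end
end
```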
