
Update `.npmignore`

This converts the `.npmignore` file from an ignorelist to an allowlist by

  1. ignoring everything using `*`, and
  2. explicitly unignoring what should be published using `!xyz`.

The motivation for this is twofold. First, previously published versions of this package include unnecessary files (such as `tslint.json`). Notably, recent versions released through GitLab CI also include the `.npm/` directory, which contains logs and dependency data (I did not detect anything sensitive, but it's worth double-checking). Second, an allowlist prevents all accidental publication of files, including sensitive ones, thus improving the security of this project.

This fact about previous releases can be observed by, e.g., downloading a <=1.2.1 release from this project's package registry. The new behavior can be verified by running `npm publish --dry-run` when checked out on this branch.

Let me know if I should include a version bump again - I wasn't sure if the maintainers of this project deem this change important enough to create a release, so I didn't include a version bump myself.
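
A check that complements the `npm publish --dry-run` verification described above, as an added example that is not part of the merge request or the project's code: it audits the file list reported by `npm pack --dry-run --json` against an expected set, so a CI job can fail when something like `.npm/` ends up in the tarball. The sample report, package name and expected paths are constructed assumptions; only `tslint.json` and `.npm/` come from the description.

```javascript
// Constructed sample in the shape of `npm pack --dry-run --json` output:
// an array with one report per package, each carrying a `files` list.
// Package name and paths are hypothetical, apart from tslint.json and .npm/.
const samplePackReport = [{
  name: "example-package",
  version: "0.0.0",
  files: [
    { path: "package.json" },
    { path: "README.md" },
    { path: "dist/index.js" },
    { path: "dist/index.d.ts" },
    { path: "tslint.json" },
    { path: ".npm/_logs/debug-0.log" },
    { path: ".npm/_cacache/index-v5/ab/cd/entry" },
  ],
}];

// Expected tarball contents (assumption): exact paths, or directory
// prefixes written with a trailing "/".
const expectedPaths = ["package.json", "README.md", "LICENSE", "dist/"];

// A path is allowed if it equals an exact rule or sits under a directory rule.
function isAllowed(path, allow) {
  return allow.some((rule) =>
    rule.endsWith("/") ? path.startsWith(rule) : path === rule);
}

// Return the sorted list of packed files that no rule accounts for.
function auditPackReport(report, allow) {
  const unexpected = [];
  for (const pkg of report) {
    for (const file of pkg.files || []) {
      // Normalise separators and a leading "./" before matching.
      const p = String(file.path).replace(/\\/g, "/").replace(/^\.\//, "");
      if (!isAllowed(p, allow)) unexpected.push(p);
    }
  }
  return unexpected.sort();
}

const unexpected = auditPackReport(samplePackReport, expectedPaths);
if (unexpected.length > 0) {
  console.log("unexpected files in tarball:\n  " + unexpected.join("\n  "));
}
```

In CI, the report would come from parsing the real command output instead of the embedded sample, and a non-empty result would fail the job before publishing.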
