
Add parser option to ignore npm devDependencies in npm lockfiles

Oscar Tovar requested to merge feat/ignore_npm_dev_dependencies into master

What does this MR do?

This MR adds an option to ignore/skip devDependencies within package-lock.json files versions 1 or 2, and npm-shrinkwrap.json files. Software security is heavily dependent on context when assessing risk, and highlighting dev-only dependencies aids in adding more context. NPM adds a dev field as true to its devDependencies when generating lockfiles to identify the dependencies that are excluded in production builds. When DS_INCLUDE_DEV_DEPENDENCIES is set to false, any dev-only dependencies will be excluded from the generated artifacts.
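As an added illustration (not code from this MR or the project it modifies), a small Python parser that handles both lockfile layouts the MR targets and drops entries npm marked with `dev: true` when the `DS_INCLUDE_DEV_DEPENDENCIES` switch is `false`. The two sample lockfiles are constructed, and the variable's default-to-true semantics are an assumption taken from the description above.

```python
import json
import os

# Constructed sample lockfiles (not from the MR). npm sets "dev": true on
# devDependencies and on everything installed only because of them.
SAMPLE_V1 = json.dumps({
    "lockfileVersion": 1,
    "dependencies": {
        "express": {"version": "4.18.2"},
        "jest": {"version": "29.0.0", "dev": True,
                 "dependencies": {"chalk": {"version": "4.1.2", "dev": True}}},
    },
})
SAMPLE_V2 = json.dumps({
    "lockfileVersion": 2,
    "packages": {
        "": {"name": "demo"},
        "node_modules/express": {"version": "4.18.2"},
        "node_modules/jest": {"version": "29.0.0", "dev": True},
        "node_modules/jest/node_modules/chalk": {"version": "4.1.2", "dev": True},
    },
})

def include_dev_dependencies(env=None):
    """Read DS_INCLUDE_DEV_DEPENDENCIES: dev deps are kept unless it is 'false'."""
    env = os.environ if env is None else env
    return env.get("DS_INCLUDE_DEV_DEPENDENCIES", "true").strip().lower() != "false"

def _walk_v1(deps, include_dev):
    """v1 nests dependencies as a tree; skipping a dev node drops its subtree."""
    found = []
    for name, info in deps.items():
        if info.get("dev") and not include_dev:
            continue
        found.append((name, info["version"]))
        found.extend(_walk_v1(info.get("dependencies", {}), include_dev))
    return found

def parse_lockfile(text, include_dev=True):
    """Return (name, version) pairs, dropping dev-only entries when asked."""
    lock = json.loads(text)
    if lock.get("lockfileVersion", 1) >= 2:
        # v2 keys "packages" by install path; the segment after the last
        # "node_modules/" is the package name. The "" key is the root project.
        return [(path.rsplit("node_modules/", 1)[1], info["version"])
                for path, info in lock.get("packages", {}).items()
                if "node_modules/" in path and (include_dev or not info.get("dev"))]
    return _walk_v1(lock.get("dependencies", {}), include_dev)

if __name__ == "__main__":
    keep = include_dev_dependencies()
    for sample in (SAMPLE_V1, SAMPLE_V2):
        print(parse_lockfile(sample, include_dev=keep))
```

Nested dev-only packages (chalk under jest above) disappear together with their dev parent, which is the same outcome for both lockfile versions.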

What are the relevant issue numbers?

gitlab-org/gitlab#227861 (closed)

Does this MR meet the acceptance criteria?

Edited by Oscar Tovar
