Add vulnerable production dependency

Add a vulnerable production dependency to ensure that reports always contain a vulnerability regardless of enabled/disabled filter options. For example, setting DS_INCLUDE_DEV_DEPENDENCIES=0 will not cause the report artifact to contain zero vulnerabilities.

Part of Add parser option to ignore npm devDependencies... (gitlab-org/security-products/analyzers/gemnasium!327 - merged)