Open
Description
It would be great if salus supported pnpm in addition to npm and yarn. The output of pnpm audit --json is identical to NPM, so hopefully this is a simple request :)
One caveat to be aware of is that pnpm places the lockfile at the root of the repository in a monorepo/workspaces setup. For example:
package-a/
  package.json
package-b/
  package.json
package.json
pnpm-lock.yaml
If package-a had its own salus-config.yaml, and we were running the scanner with --repo_path=/some/path/to/package-a, the should_run check would need to recursively look upwards for the folder containing .git and see if pnpm-lock.yaml exists at the same level.
sleepdefic1t
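The upward lookup described in the issue, sketched as an added example in Ruby; it is not code from Salus or from the issue author. The helper names (`find_git_root`, `pnpm_lockfile_for`, `pnpm_should_run?`, `build_constructed_layout`) are hypothetical, and the sketch assumes the repository root is the nearest ancestor containing `.git`.

```ruby
require 'pathname'
require 'tmpdir'
require 'fileutils'

# Hypothetical helper: nearest ancestor of repo_path (itself included) that
# contains .git. exist? is used because .git is a file in worktrees/submodules.
def find_git_root(repo_path)
  Pathname.new(repo_path).expand_path.ascend do |dir|
    return dir if dir.join('.git').exist?
  end
  nil
end

# Prefer a lockfile next to the scanned package; otherwise look only at the
# git root. Bounding the search there keeps the scanner from auditing an
# unrelated pnpm-lock.yaml that happens to sit higher up the filesystem.
def pnpm_lockfile_for(repo_path)
  start = Pathname.new(repo_path).expand_path
  local = start.join('pnpm-lock.yaml')
  return local if local.file?

  root = find_git_root(start)
  return nil if root.nil?

  candidate = root.join('pnpm-lock.yaml')
  candidate.file? ? candidate : nil
end

# Hypothetical should_run-style check: a manifest in repo_path plus a lockfile
# either beside it or at the repository root.
def pnpm_should_run?(repo_path)
  Pathname.new(repo_path).join('package.json').file? &&
    !pnpm_lockfile_for(repo_path).nil?
end

# Constructed sample layout mirroring the tree in the issue.
def build_constructed_layout(root)
  %w[.git package-a package-b].each { |d| FileUtils.mkdir_p(File.join(root, d)) }
  ['package-a', 'package-b', '.'].each do |d|
    File.write(File.join(root, d, 'package.json'), '{}')
  end
  File.write(File.join(root, 'pnpm-lock.yaml'), "lockfileVersion: '9.0'\n")
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |root|
    build_constructed_layout(root)
    puts pnpm_should_run?(File.join(root, 'package-a'))
  end
end
```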