Implement dependency audit in CI
As discussed, we should set up the configurable third-party package audit-ci
to audit our dependency closure for known vulnerabilities. It has to support suppressing/allowing individual issues and/or packages, as the dependency closure is large and many of the reported vulnerabilities do not really affect our use case, e.g. a regular-expression-based denial of service in a dependency that will never handle untrusted input.
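An added example of what such a configuration could look like (not from this project; the advisory IDs, package names and dependency path below are placeholders): an `audit-ci.jsonc` that fails the build at moderate severity and above, while allowlisting a specific advisory, a whole package, and an advisory only along one dependency path, each with its justification recorded next to it.

```jsonc
{
  // Fail CI on moderate, high and critical advisories; low is reported but not blocking.
  "moderate": true,
  // Only list advisories that actually fail the run, to keep CI logs readable.
  "report-type": "important",
  // Production closure only; dev-only tooling never ships or handles untrusted input.
  "skip-dev": true,
  // Placeholder package manager; adjust to the lockfile this repo uses.
  "package-manager": "npm",
  "allowlist": [
    // Suppress one advisory everywhere it appears (placeholder ID).
    // Justification: ReDoS in a regex that only ever sees our own build-time strings.
    "GHSA-xxxx-xxxx-xxxx",
    // Suppress every advisory for one package (placeholder name).
    // Justification: vendored CLI helper, never reachable from request handling.
    "example-build-helper",
    // Suppress one advisory only along a specific path (placeholder ID and path).
    // Justification: the vulnerable code path is not used by this parent package.
    "GHSA-yyyy-yyyy-yyyy|example-parent-pkg>example-vulnerable-dep"
  ]
}
```

The CI step is then `npx audit-ci --config audit-ci.jsonc`; keeping the justification beside each entry makes suppressions reviewable and easy to revoke when a package's role changes.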