build: avoid using package-lock.json

```npm install``` creates a ```package-lock.json``` to lock
the versions of dependencies that are installed.
They recommend to commit this file and that's what I
usually do in other projects but we should not use it
for this project.  This will allow us to always test
the latest version of our dependencies (especially in CI).

PR-URL: #359
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Sakthipriyan Vairamani <[email protected]>
Reviewed-By: Nicola Del Gobbo <[email protected]>

Author: yjaeseok

.npmrc

@@ -0,0 +1 @@
+package-lock=false