Allow npm strategy to work with pnpm

[antoine-coulon]

Currently, the npm strategy only works for package-lock.json and npm-shrinkwrap.json lock files.

We could actually extend that to pnpm-lock.yaml using the npm strategy using programmatically the library provided by the pnpm organization which uses the same vulnerability registry.

It would allow us to enhance the compatibility of the npm strategy (pnpm + npm would be both supported).