ci: add --ignore-scripts to npm install for security (#9)

This prevents npm from executing any lifecycle scripts (including
postinstall) during dependency installation, reducing the attack
surface from malicious packages.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude <noreply@anthropic.com>

Author: brynary

.github/workflows/main.yml

@@ -29,7 +29,7 @@ jobs:
           node-version: ${{ matrix.node }}
 
       - name: Install dependencies
-        run: npm install
+        run: npm install --ignore-scripts
 
       - name: Run tests
         run: npm test