Add npm audit to ci pipeline

I have created a wrapper for it, because `npm audit` itself _always_ fails if _any_ vulnerabilities are present, and we don't want to fail on low or moderate vulnerabilities. This issue has been PR'ed in npm, so if/when npm/cli#31 is merged and released then the command can be swapped for a basic `npm audit`.

.drone.yml

@@ -10,6 +10,15 @@ pipeline:
     when:
       event: [push, pull_request, tag]
 
+  audit:
+    image: node:8
+    secrets:
+      - npm_auth_token
+    commands:
+      - npx @lennym/ciaudit
+    when:
+      event: [push, pull_request, tag]
+
   compile:
     image: node:8
     secrets: