fix(security #17): add npm audit to CI pipeline and package scripts

Added .gitea/workflows/ci.yml which runs 'npm audit --audit-level=moderate'
on every push and PR. Fails the build on any moderate or higher severity
finding.

Also added 'npm run audit' and 'npm run audit:fix' convenience scripts
to package.json for local use.

.gitea/workflows/ci.yml

@@ -0,0 +1,26 @@
+name: CI
+
+on:
+  push:
+    branches: ["**"]
+  pull_request:
+    branches: ["**"]
+
+jobs:
+  audit:
+    name: npm audit
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "18"
+          cache: "npm"
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run security audit
+        run: npm audit --audit-level=moderate

package.json

@@ -6,7 +6,9 @@
   "scripts": {
     "dev": "nodemon server/index.js",
     "start": "node server/index.js",
-    "install:all": "npm install"
+    "install:all": "npm install",
+    "audit": "npm audit --audit-level=moderate",
+    "audit:fix": "npm audit fix"
   },
   "dependencies": {
     "axios": "^1.6.0",