ci: enhance security with npm:unpublishSafe renovate preset

This will help to prevent Renovate from opening PR for any new npm published versions
which might contain supply-chain attack

See https://docs.renovatebot.com/presets-npm/

Author: ahnpnl

renovate.json

@@ -9,6 +9,7 @@
     ":prHourlyLimit2",
     "helpers:pinGitHubActionDigests",
     ":semanticCommitTypeAll(build)",
+    "npm:unpublishSafe",
     "workarounds:all"
   ],
   "timezone": "UTC",