Add a workflow to audit `npm` and `pypi` packages in the project

[sh-ran]

Terms

• I have searched open and closed feature requests
• I agree to follow activist's Code of Conduct

Description

With the recent incidents within some of the open source communities, its safer for us to start auditing the packages/dependencies that we are integrating into our projects. Using pip-audit package for the backend and npm audit command for the frontend within out workflows would a good way to start checking if any of the dependencies are compromised.

cc @andrewtavis @nicki182 @to-sta

Contribution

No response

[nicki182]

I think if we used yarn npm audit --recursive would be the best to have the best understanding of packages and where they are security wise https://yarnpkg.com/cli/npm/audit