chore: add minimum release age to .npmrc (#131)

Add minimum-release-age=10080 (pnpm, minutes) and min-release-age=7
(npm v11+, days) to enforce a 7-day waiting period before installing
newly published packages, reducing supply chain attack risk.

Author: jdalton

.npmrc

@@ -2,6 +2,11 @@ ignore-scripts=true
 link-workspace-packages=false
 loglevel=error
 prefer-workspace-packages=false
+# Minimum release age - wait 7 days before installing newly published packages
+# pnpm uses minimum-release-age (minutes), npm v11+ uses min-release-age (days)
+minimum-release-age=10080
+min-release-age=7
+
 trust-policy=no-downgrade
 trust-policy-exclude[]=@yarnpkg/core@4.5.0
 trust-policy-exclude[]=@yarnpkg/libzip@3.2.2