
Add hardened .npmrc for supply-chain security#38

Open
karanshah-browserstack wants to merge 1 commit into main from supply-chain-npmrc

Conversation

@karanshah-browserstack

Collaborator

Adds a hardened .npmrc enforcing npm supply-chain best practices:

ignore-scripts=true
strict-ssl=true
save-exact=true
# engine-strict=true  (disabled — see notes)
legacy-peer-deps=false
audit-level=high

Notes:

  • ignore-scripts=true skips Cypress's postinstall binary download. Cloud runs via browserstack-cypress are unaffected; for local Cypress runs, execute npx cypress install once after npm install.
  • engine-strict is commented out because the serialize-javascript override requires Node >=20 while this sample supports Node 18; it can be enabled once that floor changes.
  • Verified: npm ci against the committed package-lock.json on Node 18, 20, and 22 — lockfile unchanged; sample test run verified.

🤖 Generated with Claude Code

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
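The .npmrc above is only useful while it stays in place and unchanged, which is exactly what a CI check can enforce. The following is an added example, not code from this PR or from the browserstack-cypress sample repos: it parses an .npmrc the way npm's ini-style config is written (`#` or `;` comments, `key=value`, and a bare `key` line read as `key=true`) and reports each hardening setting from the PR description as present, wrong, missing, or only present as a comment. The function names `parseNpmrc` and `auditNpmrc` and the two embedded .npmrc inputs are constructed for illustration; `engine-strict` is reported as a warning rather than an error to mirror the PR's decision to leave it commented out on Node 18.

```javascript
// Added example (not from the PR or the sample repo): audit an .npmrc against the
// hardening baseline listed in the PR description. Assumes npm's ini conventions:
// '#' or ';' starts a comment, "key=value" sets a value, a bare "key" means true.

const REQUIRED = {
  'ignore-scripts': 'true',     // no pre/postinstall hooks run from dependencies
  'strict-ssl': 'true',         // refuse registries with invalid TLS certificates
  'save-exact': 'true',         // pin exact versions instead of ^ ranges
  'legacy-peer-deps': 'false',  // keep peer-dependency resolution strict
  'audit-level': 'high',        // npm audit fails on high/critical findings
};
// Commented out in the PR because the sample still supports Node 18; reported, not enforced.
const RECOMMENDED = { 'engine-strict': 'true' };

function parseNpmrc(text) {
  const values = new Map();        // key -> value for active lines
  const commentedOut = new Map();  // key -> value for settings that exist only as comments
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === '') continue;
    if (line.startsWith('#') || line.startsWith(';')) {
      // e.g. "# engine-strict=true  (disabled)" -> remembered so it can be reported as commented-out
      const m = /^[#;]\s*([\w@:./-]+)\s*=\s*([^\s]+)/.exec(line);
      if (m) commentedOut.set(m[1], m[2]);
      continue;
    }
    const eq = line.indexOf('=');
    if (eq === -1) {
      values.set(line, 'true'); // bare key: npm's ini parser treats it as true
      continue;
    }
    const key = line.slice(0, eq).trim();
    const value = line.slice(eq + 1).trim().replace(/^"(.*)"$/, '$1');
    values.set(key, value);
  }
  return { values, commentedOut };
}

function checkKey(key, want, values, commentedOut) {
  const got = values.get(key);
  if (got === want) return null;
  if (got !== undefined) return { key, status: 'wrong', want, got };
  if (commentedOut.has(key)) return { key, status: 'commented-out', want, got: commentedOut.get(key) };
  return { key, status: 'missing', want, got: null };
}

function auditNpmrc(text) {
  const { values, commentedOut } = parseNpmrc(text);
  const findings = [];
  for (const [key, want] of Object.entries(REQUIRED)) {
    const f = checkKey(key, want, values, commentedOut);
    if (f) findings.push({ ...f, severity: 'error' });
  }
  for (const [key, want] of Object.entries(RECOMMENDED)) {
    const f = checkKey(key, want, values, commentedOut);
    if (f) findings.push({ ...f, severity: 'warning' });
  }
  // Hardened only if every required setting is present with the expected value.
  return { hardened: findings.every((f) => f.severity !== 'error'), findings };
}

// Constructed inputs: the .npmrc from the PR description, and a typical default
// project .npmrc that sets none of the hardening options.
const PR_NPMRC = `
ignore-scripts=true
strict-ssl=true
save-exact=true
# engine-strict=true  (disabled)
legacy-peer-deps=false
audit-level=high
`;

const DEFAULT_NPMRC = `
registry=https://registry.npmjs.org/
save-exact=false
`;

for (const [name, text] of [['PR', PR_NPMRC], ['default', DEFAULT_NPMRC]]) {
  const result = auditNpmrc(text);
  console.log(`${name}: hardened=${result.hardened}`);
  for (const f of result.findings) {
    console.log(`  ${f.severity}: ${f.key} ${f.status} (want ${f.want}, got ${f.got})`);
  }
}
```

Run it with `node audit-npmrc.js`; in CI, exit non-zero when `hardened` is false so a later commit that deletes or weakens the file fails the build. Note that this checks only the project-level .npmrc: a user or global .npmrc, or an `npm_config_*` environment variable, can still override these values at install time, so the same audit should run against `npm config get` output if that matters in your pipeline.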
@Rohannagariya1


Closing as not needed — synced with Shabbir (Security EM). The supply-chain .npmrc hardening flagged by the Enigma audit is not required for these repos; dropping per that decision.

@Rohannagariya1


Closing as not needed — synced with Shabbir (Security EM): the supply-chain .npmrc hardening from the Enigma audit is being dropped for the open-source sample repos.

@Rohannagariya1


@karanshah-browserstack please close this PR — synced with Shabbir (Security EM): the supply-chain .npmrc hardening from the Enigma audit is not needed for the open-source sample repos. (I don't have close permission on this repo, so flagging for you.)
