* add 'npm' and 'npm-update' make targets and lockfile

- `make npm` installs and updates node_modules, triggered automatically
   on `make css` and `make js` as it completes reasonably fast and
   ensures consistent modules.
- `make npm-update` updates all dependencies to their latest version,
   regenerates `node_modules` from scratch and updates
   `package-lock.json`. It uses npm modules `updates` written by yours
   truly to find the latest version of each dependency.

* add suggested make dependencies

* remove package-lock.json during npm-update

* regenerate package-lock.json

* remove and disable package-lock

Using exact versions in package.json has the same effect as lockfiles
without all the troubles the lockfiles bring (different versions of
package manager generating different lockfiles primarily).

Ensured we only use exact versions in package.json and stopped
generation of new lockfiles via .npmrc which is support by both the npm
and yarn package managers.

Fixes: https://github.com/go-gitea/gitea/issues/6967

* enable save-exact