Added check and fix for global --install.ignore-scripts yarn config (#1451)

ref https://linear.app/ghost/issue/PRO-1540/

- there have been multiple recent npm incidents with compromised
packages using pre/post-install scripts to run malicious scripts
- we want to default to not running these scripts as a security
precaution, this matches behaviour of pnpm which is touted as a modern,
more secure, npm package manager

Author: rmgpinto

Dockerfile

@@ -8,7 +8,7 @@ WORKDIR /opt/activitypub
 COPY package.json .
 COPY yarn.lock .
 
-RUN yarn && \
+RUN yarn --ignore-scripts && \
     yarn cache clean
 
 COPY tsconfig.json .

jobs/populate-explore-json/Dockerfile

@@ -6,7 +6,7 @@ WORKDIR /app
 COPY package.json yarn.lock ./
 
 # Install dependencies
-RUN yarn install --frozen-lockfile --production
+RUN yarn install --ignore-scripts --frozen-lockfile --production
 
 # Copy source
 COPY index.ts ./