
fix(nodejs): check all `importers` to detect dev deps from pnpm-lock.yaml file

Open DmitriyLewen opened this issue 1 year ago • 0 comments

Description

Check all importers to detect dev deps from pnpm-lock.yaml file. More details in #7386

before:

➜ trivy -q fs ./pnpm-lock.yaml  --list-all-pkgs -f json --include-dev-deps
...
        {
          "ID": "sleep-utils@1.0.3",
          "Name": "sleep-utils",
          "Identifier": {
            "PURL": "pkg:npm/sleep-utils@1.0.3",
            "UID": "716b20f0563e731b"
          },
          "Version": "1.0.3",
          "Dev": true,
          "Indirect": true,
          "Relationship": "indirect",
          "Layer": {}
        }
      ]
    }
  ]
}

after:

➜ ./trivy -q fs ./pnpm-lock.yaml  --list-all-pkgs -f json --include-dev-deps
...
        {
          "ID": "sleep-utils@1.0.3",
          "Name": "sleep-utils",
          "Identifier": {
            "PURL": "pkg:npm/sleep-utils@1.0.3",
            "UID": "8981f07a21207ebb"
          },
          "Version": "1.0.3",
          "Relationship": "direct",
          "Layer": {}
        }
      ]
    }
  ]
}

Related issues

  • Close #7386

Checklist

  • [x] I've read the guidelines for contributing to this repository.
  • [x] I've followed the conventions in the PR title.
  • [x] I've added tests that prove my fix is effective or that my feature works.
  • [ ] I've updated the documentation with the relevant information (if needed).
  • [ ] I've added usage information (if the PR introduces new options)
  • [ ] I've included a "before" and "after" example to the description (if the PR is a user interface change).

DmitriyLewen, Aug 26 '24 07:08
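
The importer check described in this PR, as an added example that is not part of the original PR or Trivy's own code: a simplified Go model of the `importers` section of pnpm-lock.yaml (direct dependencies only) in which a package counts as dev only when no importer lists it under `dependencies`. The `Importer` and `Status` types, `Classify`, `Sample` and the `example-linter` package are hypothetical, and the workspace data is constructed.

```go
package main

import "fmt"

// Importer models one entry under `importers:` in pnpm-lock.yaml,
// i.e. one workspace package. Maps are package name -> resolved version.
type Importer struct {
	Dependencies    map[string]string
	DevDependencies map[string]string
}

// Status is the classification of a directly declared package.
type Status struct{ Direct, Dev bool }

// Classify walks every importer passed in. A package is Dev only when
// no importer declares it under `dependencies`.
func Classify(importers map[string]Importer) map[string]Status {
	out := map[string]Status{}
	for _, imp := range importers {
		for name, ver := range imp.DevDependencies {
			id := name + "@" + ver
			if _, seen := out[id]; !seen {
				out[id] = Status{Direct: true, Dev: true}
			}
		}
		// A production declaration in any importer overrides dev.
		for name, ver := range imp.Dependencies {
			out[name+"@"+ver] = Status{Direct: true, Dev: false}
		}
	}
	return out
}

// Sample returns a constructed two-package workspace (not from the PR).
func Sample() map[string]Importer {
	return map[string]Importer{
		".": {DevDependencies: map[string]string{"example-linter": "1.0.0"}},
		"packages/app": {
			Dependencies:    map[string]string{"sleep-utils": "1.0.3"},
			DevDependencies: map[string]string{"example-linter": "1.0.0"},
		},
	}
}

func main() {
	all := Sample()
	rootOnly := map[string]Importer{".": all["."]}
	_, seen := Classify(rootOnly)["sleep-utils@1.0.3"]
	fmt.Println("root importer only, sleep-utils direct:", seen)
	fmt.Printf("all importers: %+v\n", Classify(all)["sleep-utils@1.0.3"])
}
```

The classification matters for scan coverage because packages marked `Dev` are reported only when `--include-dev-deps` is passed.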