web-ext
Evaluate to only warn if a dev dependency is failing npm audit in a tagged build
While releasing the 3.2.1 patch release on npm, the related Travis job for the tagged release failed to reach the "npm deploy" step because of a new security advisory related to handlebars.
Ideally we should not trigger a failure in a tagged release CI job for a new security advisory related only to dev dependencies, as it would prevent us from releasing a new version without any actual security gain for the end users, but we could let it fail in CI jobs related to pull requests (as we can easily land a patch to temporarily whitelist the security advisory and rebase the pending pull requests on top of it).
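One way to express the policy proposed above, as an added example that is not web-ext's own code. It assumes the npm 6 `npm audit --json` report layout (`advisories[id].findings[].dev`) and Travis CI's `TRAVIS_TAG` variable; the function names, the allowlist parameter and the sample reports are hypothetical or constructed.

```javascript
// Added example (hypothetical helper, not web-ext code).
// Assumption: npm 6 `npm audit --json` layout, advisories[id].findings[].dev.

// Split advisories into those reaching production installs and dev-only ones.
function classifyAdvisories(report, allowlist = []) {
  const prod = [];
  const devOnly = [];
  for (const [id, adv] of Object.entries(report.advisories || {})) {
    if (allowlist.includes(Number(id))) continue; // temporarily accepted advisory
    const findings = adv.findings || [];
    // Fail closed: an advisory without findings data is treated as production.
    const isDevOnly = findings.length > 0 && findings.every((f) => f.dev === true);
    const entry = { id: Number(id), module: adv.module_name, severity: adv.severity };
    (isDevOnly ? devOnly : prod).push(entry);
  }
  return { prod, devOnly };
}

// Travis sets TRAVIS_TAG to the tag name on tagged builds, empty otherwise.
function isTaggedBuild(env) {
  return Boolean(env.TRAVIS_TAG);
}

// Dev-only advisories block pull-request builds but only warn on tagged builds.
// Advisories that reach production dependencies always block.
function auditExitCode(report, { tagged, allowlist = [] }) {
  const { prod, devOnly } = classifyAdvisories(report, allowlist);
  for (const a of devOnly) {
    console.warn(`dev-only advisory ${a.id} (${a.module}, ${a.severity})`);
  }
  if (prod.length > 0) return 1;
  if (devOnly.length > 0 && !tagged) return 1;
  return 0;
}

// Constructed sample reports (advisory ids and the second module are made up).
const DEV_ONLY_REPORT = {
  advisories: {
    1001: { module_name: 'handlebars', severity: 'high',
            findings: [{ version: '4.0.0', paths: ['some-dev-tool>handlebars'], dev: true }] },
  },
};
const PROD_REPORT = {
  advisories: {
    ...DEV_ONLY_REPORT.advisories,
    1002: { module_name: 'example-runtime-lib', severity: 'moderate',
            findings: [{ version: '1.0.0', paths: ['example-runtime-lib'], dev: false }] },
  },
};
```

In a CI script the return value would become the process exit code, with `tagged` taken from `isTaggedBuild(process.env)`.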