protocol-monorepo
[SUPPLY-CHAIN] Supply chain security
Right now we don't have enough measures to mitigate supply chain risk. To make sure we are not vulnerable through third-party code, we should integrate checks for known security issues/vulnerabilities into our pipeline.
Two paths that we could explore:
- Integrate `yarn audit` into CI/CD (low-hanging fruit)
- Make use of the dependency review GitHub Action (GHA)
In addition to this, we should utilize Dependabot to make sure we are applying security updates & patches. Dependabot can scan our dependencies and open a PR with the security update needed.
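As an added illustration of what the `yarn audit` path looks like once it is wired into CI (this is example code written for this note, not code from the issue or from the protocol-monorepo project), the script below parses the NDJSON that yarn v1 (classic) prints for `yarn audit --json`, applies a minimum-severity threshold and an allowlist, and decodes yarn's exit code, which is a bitmask of the severities found (1 info, 2 low, 4 moderate, 8 high, 16 critical). The sample audit output and package names (`example-pkg-a` etc.) are constructed placeholders; the `auditAdvisory`/`auditSummary` line shapes are assumed to follow yarn classic's format.

```javascript
// Added example: a minimum-severity gate over `yarn audit --json` output.
// Assumes yarn v1 (classic), which emits one JSON object per line:
// "auditAdvisory" entries followed by a final "auditSummary".
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// yarn classic exits with a bitmask of the severities it found.
const EXIT_BITS = [['info', 1], ['low', 2], ['moderate', 4], ['high', 8], ['critical', 16]];

// Turn the yarn audit exit code into the list of severities it encodes.
function decodeAuditExitCode(code) {
  return EXIT_BITS.filter(([, bit]) => (code & bit) !== 0).map(([name]) => name);
}

// Parse NDJSON, keeping advisories and the summary; non-JSON or unrelated lines are skipped.
function parseAuditNdjson(text) {
  const advisories = [];
  let summary = null;
  for (const line of text.split('\n')) {
    const trimmed = line.trim();
    if (!trimmed) continue;
    let obj;
    try { obj = JSON.parse(trimmed); } catch { continue; }
    if (obj.type === 'auditAdvisory') {
      const a = obj.data.advisory;
      advisories.push({
        module: a.module_name,
        severity: a.severity,
        title: a.title,
        vulnerableVersions: a.vulnerable_versions,
        patchedVersions: a.patched_versions,
        dev: Boolean(obj.data.resolution && obj.data.resolution.dev),
        path: obj.data.resolution ? obj.data.resolution.path : undefined,
      });
    } else if (obj.type === 'auditSummary') {
      summary = obj.data.vulnerabilities;
    }
  }
  return { advisories, summary };
}

// Decide whether the build should fail: any advisory at or above minSeverity
// whose module is not explicitly allowlisted (e.g. a tracked exception) blocks.
function gateAudit(text, minSeverity = 'high', allowlist = []) {
  const { advisories, summary } = parseAuditNdjson(text);
  const threshold = SEVERITY_RANK[minSeverity];
  if (threshold === undefined) throw new Error(`unknown severity: ${minSeverity}`);
  const blocking = advisories.filter(
    (a) => SEVERITY_RANK[a.severity] >= threshold && !allowlist.includes(a.module),
  );
  return { fail: blocking.length > 0, blocking, total: advisories.length, summary };
}

// Constructed sample output (placeholder package names, not real advisories).
const SAMPLE_AUDIT_NDJSON = [
  '{"type":"info","data":"Audit in progress (constructed sample line)"}',
  '{"type":"auditAdvisory","data":{"resolution":{"id":1,"path":"example-app>example-pkg-a","dev":false},"advisory":{"module_name":"example-pkg-a","severity":"high","title":"Prototype pollution (sample)","vulnerable_versions":"<1.2.3","patched_versions":">=1.2.3"}}}',
  '',
  '{"type":"auditAdvisory","data":{"resolution":{"id":2,"path":"example-app>example-pkg-b","dev":false},"advisory":{"module_name":"example-pkg-b","severity":"low","title":"ReDoS (sample)","vulnerable_versions":"<2.0.0","patched_versions":">=2.0.0"}}}',
  '{"type":"auditAdvisory","data":{"resolution":{"id":3,"path":"example-app>example-pkg-c","dev":true},"advisory":{"module_name":"example-pkg-c","severity":"critical","title":"Arbitrary code execution (sample)","vulnerable_versions":"<0.9.0","patched_versions":">=0.9.0"}}}',
  '{"type":"auditSummary","data":{"vulnerabilities":{"info":0,"low":1,"moderate":0,"high":1,"critical":1},"dependencies":120,"devDependencies":40,"optionalDependencies":0,"totalDependencies":160}}',
].join('\n');

// Stand-alone run: print the gate decision for the constructed sample.
const report = gateAudit(SAMPLE_AUDIT_NDJSON, 'high');
console.log(`${report.total} advisories, ${report.blocking.length} blocking -> ${report.fail ? 'FAIL' : 'PASS'}`);
for (const b of report.blocking) {
  console.log(`  ${b.severity.toUpperCase()} ${b.module} (${b.path}${b.dev ? ', dev' : ''}): ${b.title}; fix: ${b.patchedVersions}`);
}
console.log('exit code 10 decodes to:', decodeAuditExitCode(10).join(', '));

module.exports = { decodeAuditExitCode, parseAuditNdjson, gateAudit, SAMPLE_AUDIT_NDJSON };
```

In a CI job you would pipe `yarn audit --json` into this instead of using the embedded sample, and set `process.exitCode = 1` when `fail` is true; gating on parsed severity rather than on yarn's raw non-zero exit is what keeps low/info findings from blocking every build while still failing on high and critical ones.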