fix: use npm audit for both package managers (retired pnpm endpoint)

.github/workflows/plugin-ci.yaml

@@ -168,8 +168,6 @@ jobs:
 
       - name: Security audit
         run: |
-          if [ "${{ steps.pkg-manager.outputs.manager }}" = "pnpm" ]; then
+          # npm retired the audit endpoint pnpm uses. Use npm's audit for both
-            pnpm audit --prod
+          # package managers to avoid 410 errors.
-          else
+          npm audit --omit=dev
-            npm audit --omit=dev
-          fi