Rename `package-lock.json` to `npm-shrinkwrap.json`

[triallax]

See https://docs.npmjs.com/cli/v8/configuring-npm/npm-shrinkwrap-json:

It is identical to package-lock.json, with one major caveat: Unlike package-lock.json, npm-shrinkwrap.json may be included when publishing a package.

The recommended use-case for npm-shrinkwrap.json is applications deployed through the publishing process on the registry: for example, daemons and command-line tools intended as global installs or devDependencies.