Option for `npm audit` to scan global packages

npm audit currently skips globally installed packages, allowing many CVE’s to silently slip into deployments.