Commit package-lock.json file

[greatislander]

As discussed in a recent Fluid Project meeting, there is a limitation with the current Infusion package management strategy which this PR resolves. Right now we are very specific in pinning precise versions of NPM dependencies which guarantees a consistent install for different users and developers. However, without a package lock file, any sub-dependencies will be installed based on version constraints from the top level dependency. So for example:

If we require version 1.2.1 of some-package and it requires version ^2.1 of some-other-package, a developer might get version 2.1.0 of some-other-package but a month later someone else could run NPM install and end up with version 2.2.0 of some-other-package.

Keeping the package-lock.json file in version control means that both people will get the same version of some-other-package as specified in the lock file.

This PR also bumps the Infusion version and adjusts the CI workflows to use the build-in dependency caching from actions/setup-node now that we have a lock file to act as the basis for this.

[duhrer]

I'm sure there's a reason we're changing course on this, but it would be good to document the reasoning as part of the change. A summary of the discussion or a link to an issue would be sufficient.

[greatislander]

@duhrer I've updated the description, thanks!