[Documentation/CircleCI]: Only build on the merge, not PR

[quinnturner]

In Travis-CI, we only build on the merge, not the PR.

script:
  # Have audit-ci run audit-ci to audit itself :)
  - if [ "${TRAVIS_PULL_REQUEST}" != "false" ]; then node lib/audit-ci.js -l --config ./audit-ci.json; fi

However, on CircleCI, we build on the PR:

      # In your code, add this (after installing with `npm install --save-dev audit-ci`):
      # - run:
      #    name: run-audit-ci
      #    command: 'audit-ci --moderate'

      # Have audit-ci run audit-ci to audit itself :)
      - run:
          name: run-audit-ci
          command: node lib/audit-ci.js -l --config ./audit-ci.json

This can result in the following scenario:

1. Push a new feature with PR, but master has new vulnerabilities, breaking the PR
2. Create a fix PR with the new advisories, merge PR into master
3. Re-run the feature workflow
   • Travis-CI will pass
   • CircleCI will fail

The expected behaviour (Travis-CI and CircleCI): pass.
The current behaviour: Travis-CI - pass, CircleCI - fail.

CircleCI should build on the merge rather than the PR.

This issue would be resolved by:

1. Updating the docs to suggest the new CircleCI workflow implementation
2. Implement the new CircleCI workflow

[quinnturner]

This occurred in #66

[quinnturner]

Fixed:

Runs in PR (desired): https://app.circleci.com/jobs/github/quinnturner/audit-ci/147
Doesn't run in master (desired): https://app.circleci.com/jobs/github/IBM/audit-ci/140