chore: pin npm tools

[shahar-h]

What this PR does / why we need it:

OpenSSF Scorecard flagged unpinned npm commands in the CI workflow:

Warn: npmCommand not pinned by hash: .github/workflows/docs.yaml:32
Warn: npmCommand not pinned by hash: .github/workflows/docs.yaml:38

The Hugo Docs workflow installed markdownlint-cli and linkinator via
npm install -g without a lockfile, meaning every run resolved
dependencies at install time. This has several downsides:

• Supply chain risk — transitive dependencies are fetched without
  integrity verification, which the OpenSSF Scorecard flags under
  Pinned-Dependencies.
• Reproducibility — CI and local dev environments can silently
  diverge when upstream packages publish new versions.
• No automated updates — versions were hardcoded in the workflow YAML,
  which Dependabot does not scan for npm version bumps.

This PR adds tools/package.json and tools/package-lock.json to pin
markdownlint-cli and linkinator with full integrity hashes,
updated to the latest versions (markdownlint-cli@0.48.0, linkinator@7.6.1)
to resolve known CVEs in transitive dependencies. The Make targets in
tools.mk, lint.mk, and docs.mk now handle installation automatically
via npm ci, so the npm install -g steps are removed from the CI workflow.
Dependabot is configured to keep these packages up to date.

Which issue(s) this PR fixes:
N/A

Release Notes: No

[netlify]

✅ Deploy Preview for cerulean-figolla-1f9435 ready!

Name	Link
🔨 Latest commit	8b496f5
🔍 Latest deploy log	https://app.netlify.com/projects/cerulean-figolla-1f9435/deploys/69d17346b04821000878df53
😎 Deploy Preview	https://deploy-preview-8672--cerulean-figolla-1f9435.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.50%. Comparing base (d35803f) to head (8b496f5).
⚠️ Report is 7 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #8672      +/-   ##
==========================================
- Coverage   74.51%   74.50%   -0.01%     
==========================================
  Files         243      243              
  Lines       38670    38670              
==========================================
- Hits        28816    28813       -3     
- Misses       7864     7866       +2     
- Partials     1990     1991       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[shahar-h]

/retest

[arkodg]

LGTM thanks