Add support for npm-notice header from npm registry

[zkat]

Do you want to request a feature or report a bug?

Feature

What is the current behavior?

Yarn ignores the Npm-Notice header from the npm registry.

What is the expected behavior?

Like the npm CLI, Yarn should print out info messages when it receives an npm-notice header from a registry request.

You can see the way npm itself does it here:

https://github.com/npm/npm-registry-fetch/blob/c34e158a153d81917bf3e2f378b9f553624fc782/check-response.js#L10-L12

This header is an escape-hatch for sending messages to legacy clients that don't support current and future features. Most notably, we currently send a message through the npm-notice header when vulnerabilities have been detected in a project. This is a good thing to support until #5808 is in place with the full featureset, 'cause you'll at least be able to -notify- your users about this.

Historically, we've barely ever used this header, and I fully assume that this will continue to be the case going forward. If something gets sent through npm-notice, it's probably something very important for us to immediately push to our users.

Please mention your node.js, yarn and operating system version.

irrelevant

[arcanis]

Good idea - is this field documented somewhere btw?

[zkat]

Not right now, no. This is one of those "super ancient" things that's been around since the dawn of time and was mostly forgotten until someone pointed out recently we could use it for security notices. And when tests started failing when I was writing pacote lol.

[DanielThomas]

Yarn also doesn't reflect the server's status line reason for responses, so it's impossible for a registry to provide additional context for a response code in the UI.