Use npm to manage "Check Workflows" tool dependencies

The project uses the ajv-cli tool to validate GitHub Actions workflows against the JSON schema. Previously, the version
of the tool used was not controlled. This was problematic because:

- A different version of the tool may be used on the contributor's machine than on the CI runner, resulting in confusing
  failures.
- The project is immediately subject to disruption or breakage resulting from a release of the tool.

The new approach is to specify the version of the tools via the standard npm metadata files (package.json +
package-lock.json), providing the following benefits:

- Enables automated updates via Dependabot PRs
- Enables automated vulnerability alerts

Author: per1234

.github/workflows/check-workflows-task.yml

@@ -6,10 +6,16 @@ on:
   push:
     paths:
       - ".github/workflows/*.ya?ml"
+      - "**/.npmrc"
+      - "package.json"
+      - "package-lock.json"
       - "Taskfile.ya?ml"
   pull_request:
     paths:
       - ".github/workflows/*.ya?ml"
+      - "**/.npmrc"
+      - "package.json"
+      - "package-lock.json"
       - "Taskfile.ya?ml"
   schedule:
     # Run every Tuesday at 8 AM UTC to catch breakage resulting from changes to the JSON schema.
@@ -27,6 +33,11 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
 
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: package.json
+
       - name: Install Task
         uses: arduino/setup-task@v2
         with:

Taskfile.yml

@@ -119,6 +119,8 @@ tasks:
       WORKFLOW_SCHEMA_PATH:
         sh: mktemp -t workflow-schema-XXXXXXXXXX.json
       WORKFLOWS_DATA_PATH: "./.github/workflows/*.{yml,yaml}"
+    deps:
+      - task: npm:install-deps
     cmds:
       - |
         wget \

package-lock.json

@@ -1,5 +1,7 @@
 {
   "devDependencies": {
+    "ajv-cli": "5.0.0",
+    "ajv-formats": "3.0.1",
     "markdown-link-check": "3.12.2",
     "markdownlint-cli": "0.42.0",
     "prettier": "3.3.3"