fix(dlx): prevent post-install scripts from running

Add ignoreScripts: true to Arborist options to prevent install and
post-install scripts from running during dlx package installation.
This is a security measure to prevent potentially malicious scripts
from executing during dependency installation.

Author: jdalton

src/dlx-package.ts

@@ -293,6 +293,8 @@ async function ensurePackageInstalled(
           cache: pacoteCachePath || path.join(packageDir, '.cache'),
           // Skip devDependencies (production-only like npx).
           omit: ['dev'],
+          // Skip install/post-install scripts for security.
+          ignoreScripts: true,
         })
 
         await arb.buildIdealTree()