Fix issue with lockdown.js npm preinstall hook.

lockdown.js uses some magic so that it gets run automatically whenever
somebody runs `npm install`.
This is done by registering a preinstall hook with npm.
lockdown.js expects this hook to be called before `npm install` installs
the packages and in fact before npm has even fetched any information
about the packages from the registry.
This used to be the case in older versions of npm but the behavior of
npm has changed and now the preinstall hook is run later.
This is too late for lockdown.js to intercept the fetches from the
registry which leaves things in a broken state.
Fixing this seems difficult but luckily for our use case we don't need
to run `npm install` interactively and don't care whether that works or
or not.
Instead we can just call lockdown directly instead of calling
`npm install`.
This allows things to work as expected.

See npm/cli#2660 but note that the exact
behavior has changed several times between versions.

dxr/plugins/js/makefile

@@ -1,5 +1,5 @@
 build: .npm_installed
-	cd analyze_js && npm install
+	cd analyze_js && ./node_modules/.bin/lockdown
 
 # Remove anything within node_modules that's not checked into git. Skip things
 # with spaces in them, lest xargs screw up and delete the wrong thing.
@@ -14,7 +14,7 @@ lint: build
 # target redoes the install if the packages or lockdown files are newer than
 # that file:
 .npm_installed: analyze_js/package.json analyze_js/lockdown.json
-	cd analyze_js && npm install
+	cd analyze_js && ./node_modules/.bin/lockdown
 	touch $@
 
 .PHONY: build clean lint

makefile

@@ -116,7 +116,7 @@ dxr/static_unhashed/js/templates.js: dxr/templates/nunjucks/*.html \
 # target redoes the install if the packages or lockdown files are newer than
 # that file:
 .npm_installed: tooling/node/package.json tooling/node/lockdown.json
-	cd tooling/node && npm install
+	cd tooling/node && ./node_modules/.bin/lockdown
 	touch $@
 
 # Install requirements in current virtualenv: