Config options to freeze lock files when installing dependencies

[WesCossick]

Right now, we don't freeze lock files (if present) whenever we install dependencies at any level (root package or test projects). We've found that freezing these files generally causes reliability issues at the test project level if Rugged dies (or is killed) while it's running, since injecting the packaged version of the root project necessarily updates the lock file.

Users may want the extra safety of freezing their lock files at the test packages levels, though. Plus, we probably should be freezing the root project's lock file by default.

So, I propose that we introduce two new config options, called freezeRootProjectLockFile and freezeTestProjectLockFiles. Both of these would be boolean values. The former would default to true, and the latter would default to false.

If true, when installing dependencies, the lock file should be frozen. That's done by adding --frozen-lockfile to the Yarn command, and by using npm ci instead of npm install for npm.

[corymharper]

Before work on this issue is started #44 should probably be merged.