fix: package.json & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:ejs:20161128
- https://snyk.io/vuln/npm:marked:20170112
- https://snyk.io/vuln/npm:negotiator:20160616
- https://snyk.io/vuln/npm:tar:20151103
- https://snyk.io/vuln/npm:uglify-js:20151024

Latest report for samsonjs/samhuri.net:
https://snyk.io/test/github/samsonjs/samhuri.net

Some vulnerabilities weren't fixed or ignored, and so will still fail
the Snyk test report.

.snyk

@@ -0,0 +1,22 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.7.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:ejs:20161128':
+    - harp > terraform > ejs:
+        patched: '2017-04-21T04:58:35.183Z'
+  'npm:marked:20170112':
+    - harp > terraform > marked:
+        patched: '2017-04-21T04:58:35.183Z'
+  'npm:negotiator:20160616':
+    - harp > connect > compression > accepts > negotiator:
+        patched: '2017-04-21T04:58:35.183Z'
+    - harp > connect > serve-index > accepts > negotiator:
+        patched: '2017-04-21T04:58:35.183Z'
+  'npm:tar:20151103':
+    - harp > download-github-repo > download > decompress > tar:
+        patched: '2017-04-21T04:58:35.183Z'
+  'npm:uglify-js:20151024':
+    - harp > terraform > jade > transformers > uglify-js:
+        patched: '2017-04-21T04:58:35.183Z'

package.json

@@ -5,6 +5,12 @@
   "dependencies": {
     "harp": "^0.23.0",
     "thepusher": "^0.1.4",
-    "uglify-js": "^2.7.5"
+    "uglify-js": "^2.7.5",
-  }
+    "snyk": "^1.29.0"
+  },
+  "scripts": {
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
+  },
+  "snyk": true
 }