(Tree-walker) support pnpm lockfile

Vulnera support pnpm by using `@pnpm/audit` but for the tree-walking we are not supporting pnpm as we are using Aborist (official NPM package).

Not sure if there is an easy solution here (there is no unified API yet). We may need to look at `@pnpm/lockfile-file`