Remove package-lock.json

The repo has both package-lock.json and yarn.lock which makes no sense. We should only be using one package manager. I assume it's Yarn, so we should delete the package-lock.json.

Also, this breaks dependency scanning.

/cc @axil