Downgrade package lockfile version

We specify Node v14 in our `.nvmrc` file, which comes with npm v6. This
version of npm complains when if finds a package-lock.json file using
lockfileVersion@2, and replaces it with an equivalent lockfile using the
older format. This is confusing for contributors, and breaks `rake
release`, which complains about uncommited changes.

This commit fixes the issue by commiting a version of package-lock.json
using lockfileVersion@2. If and when this repo starts using Node v16 we
can upgrade the lockfile again.