ci: enhance security for Renovate PRs

This will help to prevent Renovate from opening PR for any new npm published versions
which might contain supply-chain attack

See https://docs.renovatebot.com/presets-npm/

Author: ahnpnl

renovate.json

@@ -5,14 +5,16 @@
     "group:docusaurusMonorepo",
     ":prHourlyLimit2",
     "helpers:pinGitHubActionDigests",
+    ":semanticCommitTypeAll(build)",
+    "npm:unpublishSafe",
     "workarounds:all"
   ],
   "timezone": "UTC",
   "rangeStrategy": "bump",
   "separateMajorMinor": true,
   "prConcurrentLimit": 2,
   "semanticCommits": "enabled",
-  "commitMessagePrefix": "build(deps):",
+  "internalChecksFilter": "strict",
   "ignoreDeps": [
     "@mdx-js/react",
     "@types/react",