move "list pending install scripts" out of approve-scripts --allow-scripts-pending

[JamieMagee]

Follow-up from RFC #868 (make install scripts opt-in), tracking npm/rfcs#868 (comment).

Problem

npm approve-scripts --allow-scripts-pending (shipped in v11.16.0; --pending in the RFC text) lists packages whose install scripts aren't yet covered by allowScripts. It writes nothing. Because the command is named approve-scripts, the flag reads as "approve the pending scripts" when it only lists them. This came up as a point of confusion after the v11.16.0 release.

Current behaviour (lib/utils/allow-scripts-cmd.js):

• npm approve-scripts --allow-scripts-pending only lists.
• npm deny-scripts --allow-scripts-pending errors as unsupported.
• The post-install warning sends people to npm approve-scripts --allow-scripts-pending "to review".

Proposal

Give the listing its own command so the name matches the action. Options from the thread: npm pending-scripts or npm manage-scripts. If the namespace follow-up (companion issue) lands, this becomes npm install-scripts ls.

Once the dedicated command exists, deprecate --allow-scripts-pending on approve-scripts and drop the unsupported deny-scripts path. The flag has shipped, so deprecate it rather than removing it outright.

Notes

• No RFC required; the RFC defers this to the CLI.
• Re-point the post-install allow-scripts warning at the new command.
• Move the --json listing output across with it (see also [BUG] npm approve-scripts --json output issues #9529).