Description
At Canva we have some private packages we publish and consume from npm. In order to install these packages we need to issue read-only tokens.
We have ~1500 engineers, so providing each engineer with access to the @canva/ scope so that they can issue their own personal tokens is not practical; instead we use a single, read-only token checked in to the repo in the root .npmrc file.
There is one major issue with this: if anyone runs npm logout within a folder in the repo, it will revoke the token checked in to the repo. This, of course, means that all npm installs break across all surfaces, and in turn this means an incident and an on-call page to notify someone to generate a new token and commit it to the repo to unbreak things.
We would love it if there was a way to physically block the npm logout command from running in the repo. For example something as simple as being able to set logout=false in the .npmrc to cause the npm logout command to fail would go a long way to close this incident vector.
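Until npm offers such a setting, one stop-gap is a wrapper placed ahead of `npm` on PATH that refuses `logout` whenever the working directory sits below a checkout whose `.npmrc` carries a checked-in `_authToken`. The script below is an added example written for this issue, not code from the reporter or from npm; the `npm_wrapper` name, the directory-walking lookup, and the sample `.npmrc` contents are assumptions made here.

```shell
#!/bin/sh
# Added example (hypothetical): refuse `npm logout` inside a repo that ships a
# shared read-only token in its root .npmrc, since logout would revoke it.

# Walk upward from directory $1 and print the path of the first .npmrc that
# carries an _authToken line (comments starting with # are ignored).
# Returns 1 if no such file exists up to the filesystem root.
find_shared_npmrc() {
  d=$1
  while [ -n "$d" ] && [ "$d" != "/" ]; do
    if [ -f "$d/.npmrc" ] && grep -Eq '^[^#]*_authToken=' "$d/.npmrc"; then
      printf '%s\n' "$d/.npmrc"
      return 0
    fi
    d=$(dirname "$d")
  done
  return 1
}

# Return 1 (and explain on stderr) when running logout from directory $1
# would revoke a token that is checked in to the repo; return 0 otherwise.
guard_npm_logout() {
  rc=$(find_shared_npmrc "$1") || return 0
  echo "refusing: $rc carries a shared read-only token; npm logout would revoke it" >&2
  return 1
}

# Wrapper meant to shadow the real npm binary (assumed usage: a shell
# function or a script earlier on PATH). Every subcommand other than
# logout is passed straight through.
npm_wrapper() {
  if [ "$1" = "logout" ]; then
    guard_npm_logout "$PWD" || return 1
  fi
  command npm "$@"
}
```

The guard keys on the presence of an `_authToken` line rather than on the token value, so it keeps working after the token is rotated; engineers who genuinely need to log out of a personal registry session can do so from outside the checkout.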