should not trigger warning during install from composer.lock

[Flyingmana]

as with direct download including a hash its already protected enough

// just reporting as I saw multiple reports in various chats triggered by the new release of magento/composer

reported here, because thats the repository linked from https://magento.com/blog/best-practices/adobe-releases-new-composer-plugin-magento-243-release
if its belonging into a different, please advise/forward
(does it belong to https://github.com/magento/composer-dependency-version-audit-plugin ?)