Use .gitattributes to exclude composer.lock from existing in consumers' projects. It's not used by Composer at all when it's used as a package, and it makes the security analysis tools throw errors because of the versions within it.
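As an added example (not from this issue or the project's own code), the following shell script builds a throwaway package repository with `composer.lock export-ignore` in `.gitattributes` and checks that `git archive`, the mechanism behind the dist archives Composer downloads, no longer ships the lock file. The repository contents and paths are constructed here; `git` and `tar` are assumed to be installed.

```shell
#!/bin/sh
# Added example: show that a `composer.lock export-ignore` rule in .gitattributes
# keeps composer.lock out of the archive produced by `git archive` (the same
# export path GitHub zipballs and Composer dist installs use).
# Everything below is a constructed demo repo in a temporary directory.
set -eu

# Create a minimal package repo with the export-ignore rule and print its path.
make_demo_repo() {
  dir=$(mktemp -d)
  git -C "$dir" init -q
  git -C "$dir" config user.email demo@example.com
  git -C "$dir" config user.name demo
  printf '{"name":"vendor/demo"}\n' > "$dir/composer.json"
  printf '{"packages":[]}\n' > "$dir/composer.lock"
  printf 'composer.lock export-ignore\n' > "$dir/.gitattributes"
  git -C "$dir" add .
  git -C "$dir" commit -q -m "demo package"
  printf '%s\n' "$dir"
}

# List the files a dist archive of HEAD would contain, one per line.
archive_listing() {
  git -C "$1" archive --format=tar HEAD | tar -tf -
}

# Return 0 when composer.lock is absent from the archive, 1 when it is shipped.
lock_excluded_from_archive() {
  if archive_listing "$1" | grep -qx 'composer.lock'; then
    return 1
  fi
  return 0
}
```

Note that `export-ignore` only affects archives; a `--prefer-source` install clones the repository and still receives `composer.lock`, which is why the file also stays tracked in the repo itself.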