While I posted this originally in reply to a "closed, not an issue" issue from back in May, I fear it'll go unnoticed there, so I'm opening a new issue urging you to reconsider patching.

The insight dependency that may have been "just warnings" back in May now has a CVE attached to it, as the request package is no longer supported by the maintainer and will not be updated to patch its associated security issue: CVE-2023-28155.

While the pacote dependency cleanup in Cordova 12.0.0 does address one path of requiring request, the other path through insight is still very much an issue.

insight also seems to be a dead project with no updates since 2021.

I have not delved into why Cordova needs insight, but it seems like now might be a good time to strip that dependency.

Originally posted by @plasticlobster in #610 (comment)

insight is what collects telemetry data, assuming the user has opted in.

There were previous talks about stripping it already, but it was ultimately decided to keep it "for now" since, while it was unmaintained, it still worked with no known issues, so there wasn't a reason to strip it without any actual replacement.

Now I think we have that reason. I'll support any PR that strips out the insight dependency and any usages of it.
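The thread turns on which dependency chains still reach request once the pacote path is gone. The script below is an added example, not Cordova or insight project code: it walks the "packages" map of an npm lockfile (lockfileVersion 2 or 3), resolves each dependency the way Node does (nearest nested node_modules first, then up towards the root), and prints every chain from the project root to a target package. The embedded lockfile is constructed for illustration only; it mirrors the cordova-lib > insight > request chain discussed above with placeholder versions, and the pacote/minipass entries are there just to show that nested copies are resolved correctly. The file name find-dep-paths.js in the usage note is assumed.

```javascript
// Added example (not Cordova project code): list every dependency chain from
// the project root to a target package in an npm lockfile, honouring nested
// node_modules resolution. Works on the "packages" map of lockfileVersion 2/3.
// The lockfile below is constructed for illustration; the names mirror the
// chain discussed in the issue, the versions are placeholders.
const SAMPLE_LOCKFILE = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', dependencies: { 'cordova-lib': '*' } },
    'node_modules/cordova-lib': {
      version: '0.0.0-constructed',
      dependencies: { insight: '*', pacote: '*' },
    },
    // insight still pulls request in (the path the issue is about)
    'node_modules/insight': { version: '0.0.0-constructed', dependencies: { request: '*' } },
    'node_modules/request': { version: '0.0.0-constructed' },
    // pacote no longer reaches request here; it carries a nested copy of minipass
    'node_modules/pacote': {
      version: '0.0.0-constructed',
      dependencies: { 'npm-registry-fetch': '*', minipass: '*' },
    },
    'node_modules/pacote/node_modules/minipass': { version: '0.0.0-constructed' },
    'node_modules/npm-registry-fetch': { version: '0.0.0-constructed', dependencies: { minipass: '*' } },
    'node_modules/minipass': { version: '0.0.0-constructed' },
  },
};

// Package name for a lockfile path: "node_modules/a/node_modules/@s/b" -> "@s/b".
function nameOf(lock, pkgPath) {
  if (pkgPath === '') return lock.packages[''].name || '(root)';
  return pkgPath.slice(pkgPath.lastIndexOf('node_modules/') + 'node_modules/'.length);
}

// Resolve depName as Node would from the package installed at fromPath:
// try the nearest nested node_modules first, then walk up towards the root.
function resolveDep(lock, fromPath, depName) {
  let base = fromPath;
  for (;;) {
    const candidate = base === '' ? `node_modules/${depName}` : `${base}/node_modules/${depName}`;
    if (Object.prototype.hasOwnProperty.call(lock.packages, candidate)) return candidate;
    if (base === '') return null;
    const cut = base.lastIndexOf('/node_modules/');
    base = cut === -1 ? '' : base.slice(0, cut);
  }
}

// Depth-first walk from the root; returns every chain that ends at a package
// named targetName. Each chain is an array of { name, pkgPath } steps.
function findPaths(lock, targetName) {
  const chains = [];
  const walk = (pkgPath, trail, onStack) => {
    const entry = lock.packages[pkgPath];
    if (!entry) return;
    const chain = [...trail, { name: nameOf(lock, pkgPath), pkgPath }];
    if (pkgPath !== '' && nameOf(lock, pkgPath) === targetName) {
      chains.push(chain);
      return;
    }
    const deps = Object.assign({}, entry.dependencies, entry.optionalDependencies,
      pkgPath === '' ? entry.devDependencies : {});
    for (const depName of Object.keys(deps)) {
      const resolved = resolveDep(lock, pkgPath, depName);
      if (resolved === null || onStack.has(resolved)) continue; // unresolved or cycle
      onStack.add(resolved);
      walk(resolved, chain, onStack);
      onStack.delete(resolved);
    }
  };
  walk('', [], new Set(['']));
  return chains;
}

// "example-app > cordova-lib > insight > request (node_modules/request)"
function formatChain(chain) {
  const last = chain[chain.length - 1];
  return `${chain.map((s) => s.name).join(' > ')} (${last.pkgPath})`;
}

// CLI: node find-dep-paths.js [package-lock.json] [target]; no args = sample data.
if (typeof require !== 'undefined' && require.main === module) {
  const fs = require('fs');
  const lock = process.argv[2] ? JSON.parse(fs.readFileSync(process.argv[2], 'utf8')) : SAMPLE_LOCKFILE;
  const target = process.argv[3] || 'request';
  const chains = findPaths(lock, target);
  console.log(`${chains.length} chain(s) to ${target}`);
  for (const chain of chains) console.log('  ' + formatChain(chain));
}
```

Run it against a real tree with `node find-dep-paths.js package-lock.json request` (assumed file name). Because it reads only the lockfile, it works in CI without an installed node_modules, unlike `npm ls request`, and it reports every chain rather than the first. Note that a package listed in the lockfile is installed whether or not telemetry is ever sent, so an opt-in that is off does not keep request out of the tree or out of a vulnerability scanner's report.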