Register Express as a peer dependency

[stevehobbsdev]

Description

This PR:

• Adds Express as a peer dependency ">= 4.17.0"
• Corrects the minimum Express version in the readme
• Corrects the sample in the readme, where appSessionKey should be appSessionSecret

Rationale

The peer dependency of Express is useful because:

• The minimum required version of Express is 4.17, which brings in cookie@0.4.0, which is the minimum version of cookie that supports the SameSite attribute
• An app scaffolded with express-generator still installs express@4.16 by default which brings in a lower version of cookie that does not support the SameSite attribute
• Including express@>= 4.17.0 as a peer dependency means that at least the user will get a warning when they try to install it
• As this library is primarily used in an Express application, we can leave the local dependency on express in devDependencies

Checklist

• I have added documentation for new/changed functionality in this PR or in auth0.com/docs
• All active GitHub checks for tests, formatting, and security are passing
• The correct base branch is being used, if not master

[lbalmaceda]

@stevehobbsdev, please rebase

[joshcanhelp]

@stevehobbsdev - Thanks for this! The Quickstart and sample need to be updated as well

[stevehobbsdev]

@joshcanhelp What needs to happen on the sample? I can't see where these changes would affect anything there. Will submit a change to the quickstart now.

@lbalmaceda I've rebased, looks like CI is fixed 👍

[stevehobbsdev]

@joshcanhelp Actually it looks like the quickstart is correct.

[lbalmaceda]

@stevehobbsdev probably Josh meant:

• This for the article
  
• This for the sample https://github.com/auth0-samples/auth0-express-webapp-sample/blob/master/01-Login/package.json#L8 and https://github.com/auth0-samples/auth0-express-webapp-sample/blob/master/00-Starter-Seed/package.json#L8

[stevehobbsdev]

Done, PRs attached.

[lbalmaceda]

Both merged now. I'll merge this one as well 👍