This repository has been archived by the owner on May 13, 2024. It is now read-only.

run npm audit fix --force to fix most errors #567

Open
wants to merge 2 commits into base: master

Conversation

diracdeltas
Member

@diracdeltas diracdeltas commented Sep 16, 2020

and use better-npm-audit to exclude https://npmjs.com/advisories/1556
(low-sev DoS vector that isn't fixed in some deps)

fix #566

Changes

  • CI will now error on low vulns unless they are specifically excluded. Please check with sec team before adding any more exclusions.
  • Package updates to fix security issues when possible; note that a few of these are major updates so need to be checked carefully for breakage.

Test plan

make sure CI passes

Link / storybook path to visual changes

Integration

  • Does this contain changes to src/components or src/

    • Will you publish to npm immediately after this PR, or wait until sometime in the future?
    • Incompatible API change to something existing (major version increase)
    • Adding new backwards-compatible functionality? (minor version increase)
    • Fixing a bug backwards-compatibly? (patch version increase)
  • Does this contain changes to src/features for brave-core?

    • Are there non-backwards-compatible changes required for brave-core? Do not merge until brave-core PR is approvable. Link to brave-core PR:
    • Will you create brave-core PR to update to this commit after it is merged?
    • Wants uplift to brave-core feature branch?
      • When uplift-approved, merge to brave-core-0.VV.x feature branch
      • Create additional brave-core PRs for each feature branch to update commit
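The gating rule the Changes section describes (fail CI on low-severity findings unless an advisory ID is explicitly excluded), written out as an added illustration. This is not better-npm-audit's own code; it assumes the npm 6 `npm audit --json` shape with an `advisories` object keyed by advisory ID, and the sample report, including advisory IDs other than 1556, is constructed.

```python
"""Audit gate: fail on any advisory at or above a severity threshold unless its
ID is explicitly excluded. Added illustration; not better-npm-audit's code.
Input shape assumed: npm 6 `npm audit --json` ("advisories" keyed by ID)."""
import json

SEVERITY_RANK = {"info": 0, "low": 1, "moderate": 2, "high": 3, "critical": 4}

# Constructed sample report. 1556 is the advisory the PR excludes; 9001 and
# 9002 are made-up IDs used only to exercise the threshold and exclusion logic.
SAMPLE_REPORT = json.dumps({
    "advisories": {
        "1556": {"id": 1556, "severity": "low", "module_name": "dep-a",
                 "title": "constructed: low-severity DoS"},
        "9001": {"id": 9001, "severity": "low", "module_name": "dep-b",
                 "title": "constructed: another low finding"},
        "9002": {"id": 9002, "severity": "high", "module_name": "dep-c",
                 "title": "constructed: high finding"},
    }
})


def failing_advisories(report_json, excluded_ids, min_level="low"):
    """Return sorted IDs of advisories that should fail CI: severity at or
    above min_level and not present in excluded_ids."""
    report = json.loads(report_json)
    threshold = SEVERITY_RANK[min_level]
    excluded = {int(i) for i in excluded_ids}
    failures = []
    for key, adv in report.get("advisories", {}).items():
        adv_id = int(adv.get("id", key))
        if adv_id in excluded:
            continue  # explicitly accepted risk, e.g. 1556 in this PR
        if SEVERITY_RANK.get(adv.get("severity", "info"), 0) < threshold:
            continue  # below the configured severity floor
        failures.append(adv_id)
    return sorted(failures)


def audit_exit_code(report_json, excluded_ids, min_level="low"):
    """Exit status a CI step would return: 0 when clean, 1 when anything remains."""
    return 0 if not failing_advisories(report_json, excluded_ids, min_level) else 1


if __name__ == "__main__":
    for adv_id in failing_advisories(SAMPLE_REPORT, {1556}):
        print(f"unexcluded advisory https://npmjs.com/advisories/{adv_id}")
    raise SystemExit(audit_exit_code(SAMPLE_REPORT, {1556}))
```

Every exclusion is an accepted risk, so the excluded set should live in a reviewed file rather than on the command line; the PR's "check with sec team before adding any more exclusions" applies to that file.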

@diracdeltas
Member Author

Unsurprisingly, the non-security tests fail because of the major package upgrades. It's a bit beyond me as someone who has never worked with this repo before to figure out what needs to be done to fix them. I did find that updating all the jest packages to the latest version fixed most of the unit tests.

@ryanml @zenparsing help would be appreciated here. Obviously the easy fix is to just exclude more sec vulnerabilities from failing the audit, but really we should update packages to the major versions that are getting security updates.

Development

Successfully merging this pull request may close these issues.

npm audit shows 32 vulnerabilities