Commit
chore(deps): Upgrade major version of lerna (aws#13723)
This resolves https://github.com/aws/aws-cdk/security/dependabot/yarn.lock/ssri/open

Lerna is the root of the dependency chain causing this security alert.

```console
=> Found "ssri@6.0.1"
info Reasons this module exists
   - "_project_#lerna#@lerna#publish#@evocateur#pacote" depends on it
   - Hoisted from "_project_#lerna#@lerna#publish#@evocateur#pacote#ssri"
   - Hoisted from "_project_#lerna#@lerna#publish#@evocateur#npm-registry-fetch#make-fetch-happen#ssri"
   - Hoisted from "_project_#lerna#@lerna#publish#@evocateur#pacote#cacache#ssri"
   - Hoisted from "_project_#lerna#@lerna#publish#@lerna#pack-directory#@lerna#get-packed#ssri"
   - Hoisted from "_project_#lerna#@lerna#publish#@lerna#npm-publish#@evocateur#libnpmpublish#ssri"
```

Unfortunately, upgrading all transitive deps of the latest lerna version for `3.x` doesn't pull the necessary upgrade to resolve the alert. So it's either:

1. Wait for lerna to release a `3.x` patch to resolve this, which doesn't seem likely since the alert refers to a deep transitive dependency.
2. Manually and selectively upgrade the `ssri` package to a new major version - feels fragile.
3. Upgrade to lerna `4.x`.

Opted for option 3 since it sounds the most reasonable.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*