add npm audit to workflow, remove vulnerable packages

[lenkan]

This PR adds a step to the workflow that runs npm audit, which is used to scan for reported vulnerabilities among the dependencies in package-lock.json. This can be done without installing any dependencies and that step will fail if there are any vulnerabilities reported in the dependencies.

There was 8 medium and 3 high vulnerabilities reported by the size-limit dependency. It is not being used currently, so I removed it along with any other unused packages I found.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (858dea2) 81.42% compared to head (400d561) 81.42%.

Additional details and impacted files

@@             Coverage Diff              @@
##           development     #175   +/-   ##
============================================
  Coverage        81.42%   81.42%           
============================================
  Files               46       46           
  Lines             4141     4141           
  Branches          1030     1030           
============================================
  Hits              3372     3372           
  Misses             737      737           
  Partials            32       32           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.