Spring clean NPM dependency list

[taylortom]

Fixes #2301

[tomgreenfield]

Just to put pen to paper, I think my preference would be to stick to npm's default semver range specifier and requested versions so that simply running the following would redo the dependencies:

npm install --save archiver async bcrypt-nodejs body-parser bower bytes chalk compression connect-mongodb-session consolidate cookie-parser email-templates errorhandler express express-session ffmpeg-static ffprobe ffprobe-static fluent-ffmpeg formidable fs-extra glob grunt grunt-contrib-copy grunt-contrib-handlebars grunt-contrib-requirejs grunt-merge-json grunt-mocha-test handlebars handlebars-form-helpers hbs jshint-stylish json-schema-mapper junk less log-update matchdep method-override migrate-mongoose mime moment mongodb-uri mongoose morgan multer needle node-polyglot nodemailer optimist passport prompt request semver serve-favicon traverse underscore unzip validator winston yauzl
npm install --save-dev mocha mocha-multi mocha-simple-html-reporter mongodb should supertest

Note that package-lock.json must be regenerated once the version number in package.json has been bumped for release.