Upgrade npm-run-all. Fixes compromised transitive dependency

[IllusionMH]

PR checklist

• Addresses an existing issue: no issue created
• New feature, bugfix, or enhancement
  • Includes tests
• Documentation update

Overview of change:

This PR bumps npm-run-all that had compromised transitive dependency in version 4.1.3 to 4.1.5 that uses alternative package and do not contains compromised packages.

Please see:
https://www.npmjs.com/advisories/737
mysticatea/npm-run-all#150
dominictarr/event-stream#116

Is there anything you'd like reviewers to focus on?

This dependency is listed in devDependencies section and 6.0.0-beta installations may install compromised dependency, but should not be used if no other dependencies in project will require event-stream

I've remembered that removing devDependencies is part of build process
https://github.com/Microsoft/tslint-microsoft-contrib/blob/4b911106ba4efa13996f05ada4a2ec7450330bc1/package.json#L60
https://github.com/Microsoft/tslint-microsoft-contrib/blob/4b911106ba4efa13996f05ada4a2ec7450330bc1/build-tasks/generate-package-json-for-npm.js#L8

So only developers of this package are affected.

[IllusionMH]

Updated description to clarify that only developers of this package were affected, and 6.0.0-beta doesn't contain compromised devDependencies.

List of contributors that published commits after compromised package was added to dependencies:
@JoshuaKGoldberg @IllusionMH @noamyogev84 @mesaugat @Retsam @esuau @reduckted @jcnsilva @Dgaduin @Igorbek

Please be informed about issue with event-stream/flatmap-stream

[JoshuaKGoldberg]

Thanks @IllusionMH!

...and now GitHub is showing a warning on the repo:

Verified the checksums match in package-lock.json.