
Add Renovate and Bolt for auto-package updates, and CVEs

Open davidzwa opened this issue 8 months ago • 5 comments

Fixes #33 Might fix #34

  • Add Mend Renovate as a bot (here)
    • Setting: pull-request requirement should be enabled (optional)
    • Required actions to complete CI (optional)
    • Pin the npm package versions (required, this is how Renovate works best: it will take over specific versions automatically)
  • Add Mend Bolt (https://github.com/marketplace/whitesource-bolt) as a bot
    • Add Mend for CVE detection (if not wanted, let me know. I can revert this)
    • Mend was previously known as Whitesource

What will happen?

  • A lot of PRs will open up at first. This is normal for a first start.
  • On a daily schedule, package-lock PRs will be created to update lock file dependencies 🥳
  • A Renovate dashboard issue will appear tracking all open PRs
  • CVEs will be made (and closed automatically when resolved on main to keep users informed about their status)

In case of questions about Renovate and/or Bolt, please ask away!

davidzwa, Oct 23 '23 18:10
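
The pinning requirement in the list above can be checked before the bot is enabled. The following is an added example, not code from this pull request or from Renovate; `classify`, `findUnpinned` and the sample manifest are constructed for illustration.

```javascript
// Added example: list dependencies in a package.json object that are not
// pinned to one exact version. All names here are hypothetical.

// Exact semver: MAJOR.MINOR.PATCH with optional pre-release / build metadata.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// peerDependencies are left out on purpose: ranges are expected there.
const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies'];

// Classify a version specifier the way a reviewer would read it.
// Anything that is not a bare exact version (including "=1.2.3") is reported.
function classify(spec) {
  const s = String(spec).trim();
  if (EXACT.test(s)) return 'pinned';
  if (/^(npm:|file:|link:|workspace:)/.test(s)) return 'alias-or-local';
  if (/^(git(\+\w+)?:|https?:|github:)|^[\w.-]+\/[\w.-]+(#.*)?$/.test(s)) return 'git-or-url';
  if (s === '' || s === '*' || /^[a-z][\w-]*$/i.test(s)) return 'tag-or-any';
  return 'range'; // ^1.2.3, ~1.2, 1.x, >=1 <2, "1.0.0 - 2.0.0", a || b
}

// Return one finding per dependency whose specifier is not an exact version.
function findUnpinned(pkg) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const kind = classify(spec);
      if (kind !== 'pinned') findings.push({ section, name, spec, kind });
    }
  }
  return findings;
}

// Constructed sample manifest (not this repository's package.json).
const samplePackage = {
  dependencies: {
    axios: '1.6.0',
    commander: '^11.0.0',
    yaml: '~2.3.1',
    debug: 'latest',
  },
  devDependencies: {
    jest: '29.7.0',
    typescript: '5.x',
    'my-fork': 'someuser/my-fork#main',
  },
};

for (const f of findUnpinned(samplePackage)) {
  console.log(`${f.section}: ${f.name}@${f.spec} (${f.kind})`);
}
```

To run it against a real project, pass the parsed contents of its `package.json` to `findUnpinned` in place of the sample object.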