
Remove pinned async dev dependency from default package.json

Open • web-padawan opened this issue 5 months ago • 0 comments

This is a transitive dev dependency pinned in package.json:

https://github.com/vaadin/flow/blob/51a7bb9888947be213b19d0389c2ea6f3874295d/flow-server/src/main/resources/com/vaadin/flow/server/frontend/dependencies/default/package.json#L11

It was introduced in https://github.com/vaadin/flow/pull/13547; see that PR for comments. There should be no need to pin it: the "jake" dev dependency now depends on "async": "^3.2.3", which is not affected by the original vulnerability.

web-padawan, May 23 '25 09:05