Bulk minor/patch bumps via npm update (#77)

Pulls in within-range updates for AWS SDK, fontawesome, cors, cross-env,
several eslint plugins, express-jwt, pug, semver, and the sqlite wrapper.
package.json is unchanged -- this is just a lockfile refresh that lets
npm dedup the tree (added 9, removed 51, changed 13). Audit still clean
(0 vulns). Smoke-tested a sqlite open/insert/select round-trip on the
new tree.

Major bumps (express 4->5, sqlite 4->5, eslint 7->10, ini 4->6,
fontawesome 6->7, cross-env 7->10) are deliberately left for separate,
per-package PRs.

Author: mattgodbolt