Fix security vulnerabilities detected by Dependabot (#55)
### Motivation and Context

<!-- Thank you for your contribution to the copilot-chat repo!
Please help reviewers and future users, providing the following information:
1. Why is this change required?
2. What problem does it solve?
3. What scenario does it contribute to?
4. If it fixes an open issue, please link to the issue here.
-->

addresses the 6 [security vulnerabilities](https://github.com/microsoft/chat-copilot/security/dependabot) detected by Dependabot.

### Description

- removes `vsts-npm-auth` and `better-vsts-npm-auth` since these packages are intended to be installed globally
- moves `react-scripts` to `devDependencies`:
  - this is the recommended fix for resolving vulnerabilities from transitive dependencies of `react-scripts`: facebook/create-react-app#11174
  - with a [recent change](https://github.blog/2023-05-02-dependabot-relieves-alert-fatigue-from-npm-devdependencies/) made by GitHub, Dependabot should now be smarter in catching false positives that come from devDependencies and we shouldn't have these alerts in the future.

<!-- Describe your changes, the overall approach, the underlying design. These notes will help understanding how your code works. Thanks! -->

### Contribution Checklist

<!-- Before submitting this PR, please make sure: -->

- [ ] The code builds clean without any errors or warnings
- [ ] The PR follows the [Contribution Guidelines](https://github.com/microsoft/copilot-chat/blob/main/CONTRIBUTING.md) and the [pre-submission formatting script](https://github.com/microsoft/copilot-chat/blob/main/CONTRIBUTING.md#development-scripts) raises no violations
- [ ] All unit tests pass, and I have added new tests where possible
- [ ] I didn't break anyone 😄