Fix npm audit warnings in NPM package

[SiarheiFedartsou]

Issue

At the moment if I run npm audit in project with installed @project-osrm/osrm it complains about a couple of warnings coming from our package:

The reason of this is dependencies we have in package which actually can be made dev-dependencies as they are only needed for build/test purposes.

Tasklist

• CHANGELOG.md entry (How to write a changelog entry)
• update relevant Wiki pages
• add tests (see testing documentation)
• review
• adjust for comments
• cherry pick to release branch

Requirements / Relations

Link any requirements here. Other pull requests this PR is based on?

[SiarheiFedartsou]

Will alert if we start having this problem again. Unfortunately it can be quite unexpected: e.g. if vulnerability will be found in version of @mapbox/node-pre-gyp we use and NPM will start reporting it.

[SiarheiFedartsou]

--production means "audit only non-dev dependencies". Our dev dependencies have a lot of problems at the moment and it is quite difficult to fix(that's why the fix is to just move problematic dependencies from non-dev to dev)

[SiarheiFedartsou]

cheap-ruler, mkdirp and rimraf are used in tests only
nan and node-cmake are needed to only build binary and not needed to use package after it

[SiarheiFedartsou]

Tbh it would be great to somehow check that package will 100% work without them on some clean test project(even though I am 99% confident that it will work :) ), but not sure how to properly do that.

[SiarheiFedartsou]

Not sure why we needed it, but it seems there is no need in it too https://docs.npmjs.com/cli/v8/configuring-npm/package-json#bundledependencies

[DennisOSRM]

👍