Addresses #4684
#minor

Description

This PR updates the version of the jsonwebtoken package from 8.x to 9.x to fix the CVE-2022-23539 (https://github.com/microsoft/botbuilder-js/security/dependabot/243) vulnerability.
Along the way, the following vulnerabilities were also fixed in this PR:

• sanitize-html https://github.com/microsoft/botbuilder-js/security/dependabot/345 - CVE-2022-25887
• lodash.pick https://github.com/microsoft/botbuilder-js/security/dependabot/324 - CVE-2020-8203
• node-fetch https://github.com/microsoft/botbuilder-js/security/dependabot/96 - CVE-2022-0235
• trim https://github.com/microsoft/botbuilder-js/security/dependabot/80 - CVE-2020-7753

This PR also improves the browser-functional project and pipeline to work with latest Chrome and Firefox drivers, avoiding using npm dependencies for these, and have a clear way to test them locally.

Specific Changes

• Added lodash.pick internal project that acts as a proxy between vulnerable lodash.pick version and lodash. So it doesn't reintroduce the CVE-2020-8203 vulnerability.
• Removed jsonwebtoken resolution, as it's no longer needed with the new version of botframework-webchat.
• Updated botframework-webchat inside browser-echo-bot from 4.5.0 to 4.16.0 (note: 4.17.0 has node 18 limitation).
• Added browserify, react, and react-dom as devDependencies, since they are required in the webpack server.
• Added sanitize-html resolution to update the version from 2.11 to 2.13. The rest of sanitize-html vulnerabilities (moderate) have been solved after updating botframework-webchat.
• Added use browser drivers step in the browser-functional pipeline to copy the Chrome and Firefox drivers from the current running pipeline machine.
• Nightwatch tests improvements
  • npm geckodriver has been replaced with using the geckodriver.exe directly.
  • chromedriver.exe has been removed to be provided by the user or pipeline step. Mostly to use the latest version or a specific one.
  • Fixed issues with webchat, since it changed from version 4.5 to 4.16, and required DOM element references to be updated.
  • Added validation steps before all tests run, checking if the requirements like "drivers" and "browser" meet the requirements. Otherwise, it shows a message to install them.

Testing

The following images show the browser-functional validations, the tests and pipeline passing.