Upgrade insecure npm dependencies for angularjs staff client

Bug #1992529 reported by Jane Sandberg
Affects    Status     Importance  Assigned to  Milestone
Evergreen  New        Medium      Unassigned
3.10       Won't Fix  Undecided   Unassigned
3.11       New        Undecided   Unassigned
3.12       New        Undecided   Unassigned

Bug Description

The AngularJS client says "76 vulnerabilities (13 low, 27 moderate, 28 high, 8 critical)" when you run npm install.

We are concerned that there may be regressions if we just run `npm audit fix`, so I'm opening a collab branch (forthcoming).

Jane Sandberg (sandbergja) wrote (last edit):

Here is the collab branch: https://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/collab/sandbergja/lp1992529_npm_vulnerabilities_in_angjs

I needed to make a few changes to the webpack config to get it to build again, notably:
* Using terser instead of uglifier
* Using webpack's built-in chunking, rather than the CommonsChunkPlugin

I did some minimal poking around in the UI, and didn't see any very obvious regressions. I haven't run the test suite yet.

Also, there are still 3 critical vulnerabilities from our dependency on lovefield.

Changed in evergreen:
importance: Undecided → Medium
milestone: none → 3.10-beta
Jane Sandberg (sandbergja) wrote:

Apologies for not including any testing steps on this one! Here are some vague testing steps, such as they are:

1. Load this patch
2. Go through typical workflows in as many AngularJS interfaces as possible, and make sure there are no new bugs added by this patch. Some AngularJS screens that are particularly important to test for regressions:
   a. Check in
   b. Check out
   c. Item status
   d. Item buckets
   e. Record buckets
   f. Z39.50

tags: added: pullrequest
Terran McCanna (tmccanna) wrote:

I've walked through these tasks on a server with this installed and didn't find any problems, but I don't know enough about what the change is doing to sign off:

- Checked items out (normal way, specific due date, non-cat item, precat item)
- Checked items in (from check in screen, from patron account)
- Marked item Lost & checked it in
- Marked item damaged
- Paid bill
- Created patron notes
- Looked at item status
- Added & removed records from item & record buckets
- Imported some records via z39.50
- Created new patron & edited patrons
- Patron search

Changed in evergreen:
milestone: 3.10-beta → 3.10-rc
Changed in evergreen:
milestone: 3.10-rc → 3.10.0
Galen Charlton (gmc)
Changed in evergreen:
milestone: 3.10.0 → 3.10.1
Galen Charlton (gmc) wrote:

Reading the patch, this bit really jumped out at me:

  - "angular": "~1.6.7",
  + "angular": "^1.5.6",
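
Review bot: beyond the lower floor, the `+` line also loosens the range. `^1.5.6` accepts any 1.x release at or above 1.5.6, whereas the removed `~1.6.7` only accepted 1.6.x patch releases, so a fresh `npm install` could resolve to a different minor than the one that was tested. Keep a tilde range (or an exact pin that matches package-lock.json) so the installed version is the tested one.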

Why the version downgrade? I would have expected an upgrade to 1.8.x, all things being equal.

Galen Charlton (gmc) wrote:

Noting that https://github.com/google/lovefield/issues/254 suggests that the js-yaml vulnerability is not a factor in practice, as we don't use Lovefield's SPAC option.

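A triage script, added here as an example and not code from the Evergreen branch or from npm, that applies the kind of judgement made in the bug description and in the Lovefield comment above: it reads the object `npm audit --json` prints (npm 7+ output shape assumed), records accepted advisories with a justification, and blocks only on unreviewed high or critical findings. The accepted-risk list and the audit sample are constructed for the example.

```javascript
'use strict';

// Constructed accepted-risk list. The justification mirrors the thread above:
// the js-yaml advisory reaches the client only via Lovefield's unused SPAC path.
const ACCEPTED = {
  'js-yaml': 'only reachable through Lovefield SPAC, which the client does not use',
};

// Constructed stand-in for the object `npm audit --json` prints (npm 7+ shape).
// `via` holds advisory objects for direct findings, or package names when the
// package is vulnerable only through another vulnerable dependency.
const SAMPLE_AUDIT = {
  vulnerabilities: {
    'js-yaml':   { name: 'js-yaml',   severity: 'critical', via: [{ title: 'code injection' }],      fixAvailable: false },
    lovefield:   { name: 'lovefield', severity: 'critical', via: ['js-yaml'],                        fixAvailable: false },
    'uglify-js': { name: 'uglify-js', severity: 'high',     via: [{ title: 'ReDoS' }],               fixAvailable: true },
    minimist:    { name: 'minimist',  severity: 'moderate', via: [{ title: 'prototype pollution' }], fixAvailable: true },
  },
};

// A finding is accepted when the package itself is on the list, or when every
// path to it (string `via` entries naming other packages) leads to accepted ones.
function isAccepted(vulns, accepted, name, seen = new Set()) {
  if (name in accepted) return true;
  if (seen.has(name)) return false;            // guard against cyclic `via` chains
  seen.add(name);
  const via = (vulns[name] && vulns[name].via) || [];
  return via.length > 0 &&
    via.every(v => typeof v === 'string' && isAccepted(vulns, accepted, v, seen));
}

// Returns per-severity counts, the accepted findings, and the findings that
// should block the build (unreviewed and at a severity listed in `failOn`).
function triage(audit, accepted = ACCEPTED, failOn = ['high', 'critical']) {
  const counts = { low: 0, moderate: 0, high: 0, critical: 0 };
  const result = { counts, accepted: [], blocking: [] };
  for (const v of Object.values(audit.vulnerabilities || {})) {
    if (v.severity in counts) counts[v.severity] += 1;
    if (isAccepted(audit.vulnerabilities, accepted, v.name)) {
      result.accepted.push(v.name);
    } else if (failOn.includes(v.severity)) {
      result.blocking.push(`${v.name} (${v.severity}, fix available: ${v.fixAvailable})`);
    }
  }
  return result;
}

console.log(JSON.stringify(triage(SAMPLE_AUDIT), null, 2));
```

Feeding a real report is `npm audit --json > audit.json` and `triage(JSON.parse(fs.readFileSync('audit.json', 'utf8')))`; the accepted list should live in the repository so each acceptance is reviewed alongside the dependency changes.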
Jane Sandberg (sandbergja) wrote:

Thanks for reviewing it, Galen! No clue what the angular version switcheroo was about. I amended my commit to keep the angular version consistent.

Changed in evergreen:
milestone: 3.10.1 → 3.10.2
Changed in evergreen:
milestone: 3.10.2 → 3.10.3
Changed in evergreen:
milestone: 3.10.3 → 3.12-beta
Changed in evergreen:
milestone: 3.12-beta → 3.12-rc
Changed in evergreen:
milestone: 3.12-rc → 3.next
Changed in evergreen:
milestone: 3.next → 3.13-beta
This report contains Public Security information
