Update dependencies and Node versions

[eyelidlessness]

Updating dependencies addresses several vulnerabilities that come up in npm audit. The selected Node versions are the current LTS releases.

This change also:

• configures Puppeteer to store its cache in node_modules. This probably isn't the best solution, we may want to add its default path to the list of cacheable artifacts instead.
• adds Volta config and recommendation, to be consistent with the recommended usage in Transformer/Core/Express.
• uses Volta in CI. We may also want to add its downloads to the list of cacheable artifacts as well.
• adds a (temporary, pending Migrating to a monorepo enketo#860) restriction to NPM 6, also for consistency. I'm cautious about this, not just because it's temporary but because this project already has had a newer NPM lockfile. The intent in including it in the initial PR is mostly for discussion, but my inclination is to roll that part back and improve consistency in the monorepo migration.

[lognaturel]

I don't see a problem with locking the npm version for now and standardizing once it can be done in one place. What are some risks you have in mind?

[lognaturel]

We’ll need to release this as 3.0 since we’re dropping a node version and all other dependents will also get major version bumps, right?

[lognaturel]

Will be done in the monorepo https://github.com/enketo/enketo