Upgrade dependencies to fix CVEs and setup a dependabot/renovate-like solution

[thomvaill]

• Upgrade dependencies to fix CVEs (except Next.js which is a separate issue) thanks to yarn upgrade-interactive, like what was started in Upgrade dependencies  #115 (thank you @ezavgorodniy)
• Configure the Security tab in Github (-> @thomvaill)
• Assess and implement one of the dependabot/renovate-like solutions if possible so that we have a procedure in place to fix the upcoming CVEs