Make Karma and related packages devDependencies

[BennyLi]

In our package.json karma is defined as dependency. If you run npm audit on a branch with the latest node and npm LTS version, then some security issues are listed, for which all karma is responsible. It would be nice if we define karma as a devDependency, because we don't need it for the production build, and then we don't ship a production-dependency with a security issue, even though it's probably not bad.