refactor: Move to dev-deps only in example/test apps

[alexvy86]

Description

Switches all dependencies of (most) example/test apps to be dev-dependencies. This gets them marked correctly in the lockfile, which might have the benefit ~that we won't get prod-level Component Governance alerts for them.~ that was incorrect (Component Governance classifies its alerts based on how the pipeline is categorized, production or not; it doesn't care if the dependency is a development or a production dependency). So the win might be just in clarity in our lockfile, where we could be able to easily tell if a particular dependency is used by production packages at all or not.

Reviewer Guidance

The review process is outlined on this wiki page.

[WayneFerrao]

Changes look good as far as I can tell. How'd you find out that dev-dependencies won't get prod Component governance alerts ( only for dependencies)?

[alexvy86]

Changes look good as far as I can tell. How'd you find out that dev-dependencies won't get prod Component governance alerts ( only for dependencies)?

Thanks for asking the question because you made me realize I couldn't remember why, and on looking into it realized it's incorrect :). The way Component Governance decides if an alert should be marked production or non-production in ADO is based on how we categorized the pipeline in which the issue was detected, not on whether the dependencies are development/production. This would still be a potential win for clarity in our lockfile (if we see a dependency with dev:true, we know that no production packages use it), but there's no win in the Component Governance front.

[microsoft-github-policy-service[bot]]

This PR has been automatically marked as stale because it has had no activity for 60 days. It will be closed if no further activity occurs within 8 days of this comment. Thank you for your contributions to Fluid Framework!