chore: move dependencies about to fix vulnerabilities #2654

Merged
cabljac merged 2 commits into next from @invertase/fs-bq-vulns
Feb 24, 2026

@cabljac cabljac commented Feb 24, 2026

This PR fixes all but one npm audit vulnerability with firestore-bigquery-changetracker.

It moves certain dependencies to dev deps. We have to be careful because in the past the build/deploy process of extensions doesn't like this - I think it omits dev dependencies at some point, and then at build time we get typescript errors in e.g. test files.

The solution is a separate tsconfig for build, so the test files aren't seen at build time.

The Firebase Extensions deploy process likely does something like:

  1. Uploads the source code (everything in the functions/ directory)
  2. Runs npm install on the remote build server without devDependencies (i.e. --omit=dev or NODE_ENV=production)
  3. That triggers the prepare script → npm run build → npm run clean && npm run compile
  4. The compiled lib/ output is what actually runs as the Cloud Function

So on the remote server, only dependencies are installed. This is why jest in dependencies was working (but wasteful) - having a separate tsconfig.build.json with "types": ["node"] fixed it as the build no longer asks for types that aren't installed.

@cabljac cabljac force-pushed the @invertase/fs-bq-vulns branch from 6120fac to 93b6113 February 24, 2026 13:57
@cabljac cabljac marked this pull request as ready for review February 24, 2026 14:04
@cabljac cabljac requested a review from a team as a code owner February 24, 2026 14:04
@cabljac cabljac merged commit 194f4e5 into next Feb 24, 2026
7 checks passed
cabljac added a commit that referenced this pull request Feb 24, 2026
* chore: move dependencies about to fix vulnerabilities

* test(firestore-bigquery-export): fix test harness on functions.test.ts
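
A check for the failure mode described in the PR description, as an added example that is not code from this PR or the repository: given a package.json, the build tsconfig and the source files, it lists what an install without devDependencies would leave unresolved at compile time. The manifest, file contents, the `auditProdInstall` helper and the `__tests__` path convention are assumptions constructed for illustration.

```javascript
// Added example. Heuristic regex scan, not a full TypeScript parser.
const BUILTINS = new Set(["fs", "path", "util", "crypto", "events"]);

// "a/b" -> "a", "@scope/pkg/x" -> "@scope/pkg"
function packageName(spec) {
  const parts = spec.split("/");
  return spec.startsWith("@") ? parts.slice(0, 2).join("/") : parts[0];
}

// Bare (non-relative, non-builtin) packages named in import/require statements.
function importedPackages(source) {
  const re = /(?:\bfrom\s*|\brequire\s*\(\s*|\bimport\s*\(?\s*)["']([^"']+)["']/g;
  const found = new Set();
  for (const m of source.matchAll(re)) {
    if (m[1].startsWith(".") || m[1].startsWith("node:")) continue;
    const name = packageName(m[1]);
    if (!BUILTINS.has(name)) found.add(name);
  }
  return found;
}

// What would be unresolved at compile time if only `dependencies` are installed.
function auditProdInstall(pkg, buildTsconfig, files, isTest) {
  const prod = new Set(Object.keys(pkg.dependencies || {}));
  const problems = [];
  for (const [file, source] of Object.entries(files)) {
    if (isTest(file)) continue; // assumed excluded by the build tsconfig
    for (const name of importedPackages(source)) {
      if (!prod.has(name)) problems.push(`${file}: imports ${name}`);
    }
  }
  // Assumption: a "types" entry is satisfied by @types/<name> or a package <name>.
  for (const t of (buildTsconfig.compilerOptions || {}).types || []) {
    if (!prod.has(`@types/${t}`) && !prod.has(t)) problems.push(`tsconfig types: ${t}`);
  }
  return problems.sort();
}

// Constructed sample, not the extension's real manifest or sources.
const samplePkg = {
  dependencies: { "firebase-admin": "^1.0.0", "@types/node": "^1.0.0" },
  devDependencies: { jest: "^1.0.0", "@types/jest": "^1.0.0", lodash: "^1.0.0" },
};
const sampleFiles = {
  "src/index.ts": 'import * as admin from "firebase-admin";\nimport { chunk } from "lodash";',
  "src/__tests__/index.test.ts": 'import { expect } from "@jest/globals";',
};
const isTestFile = (f) => f.includes("__tests__");
const buildConfig = { compilerOptions: { types: ["node"] } };
console.log(auditProdInstall(samplePkg, buildConfig, sampleFiles, isTestFile));
```

Run as a CI step before publishing, a non-empty result flags a dependency that was moved to devDependencies while non-test code or the build tsconfig still needs it.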