Migrate to Yarn

[jroebu14]

Is your feature request related to a problem? Please describe.
We use npm-force-resolutions to prevent security vulnerabilities within certain versions of packages entering our builds. npm-force-resolutions is run on the preinstall script instead of install which in certain situations allows security vulnerabilities to creep back into our builds.

Describe the solution you'd like
Switch to Yarn which has first-class support for forced resolutions https://classic.yarnpkg.com/en/docs/selective-version-resolutions/

Potential issues:

• Yarn doesn't have a npm ci script - https://stackoverflow.com/questions/58482655/what-is-the-closest-to-npm-ci-in-yarn so we should maybe ensure we have a ci script and run npm run ci
• Devs will probably run npm install instead of yarn install out of habit and accidentally commit and possibly even merge a package-lock.json - potential mitigation [Question] How to prevent people from using npm install <package name> yarnpkg/yarn#4895 (comment) this doesn't prevent installing packages though - might need to do something in a pre-commit hook to prevent committing a package-lock.json
• yarn add has no --no-save flag https://stackoverflow.com/questions/50563698/how-to-yarn-add-without-update-other-packages which could be a problem here https://github.com/bbc/simorgh/pull/8762/files#diff-3d69362a6ac78bb0e116ea6b8126715d7b25600d287f7ac0853e05c6e102b63fR48

More info:

• https://classic.yarnpkg.com/en/docs/migrating-from-npm/

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Testing notes
[Tester to complete]

Dev insight: Will Cypress tests be required or are unit tests sufficient? Will there be any potential regression? etc

• This feature is expected to need manual testing.

Additional context
Note: Updating to yarn will also allow us to start removing the resolve.alias section of our webpack:

simorgh/webpack.config.js

Line 39 in 057f568

alias: {