Nextjs: Improve Google Fonts failure error messages and documentation

[nsheaps]

Helpful for debugging which fonts need to be mocked

related: #23332

What I did

Made the error message (which I saw typically thrown during chromatic builds) useful by including the original error in the newly thrown error, which makes the mocking tasks way easier.

Documentation also added for mocking (which is really part of nextjs but no documentation exists)

How to test

Tested by manually adding these changes in minified code when testing mocked font responses for use with chromatic.

Checklist

• Make sure your changes are tested (stories and/or unit, integration, or end-to-end tests)
• Make sure to add/update documentation regarding your changes
• If you are deprecating/removing a feature, make sure to update
  MIGRATION.MD

Maintainers

• When this PR is ready for testing, make sure to add ci:normal, ci:merged or ci:daily GH label to it to run a specific set of sandboxes. The particular set of sandboxes can be found in code/lib/cli/src/sandbox-templates.ts
• Make sure this PR contains one of the labels below.

["cleanup", "BREAKING CHANGE", "feature request", "bug", "build", "documentation", "maintenance", "dependencies", "other"]

🦋 Canary release

This PR does not have a canary release associated. You can request a canary release of this pull request by mentioning the @storybookjs/core team here.

core team members can create a canary release here or locally with gh workflow run --repo storybookjs/storybook canary-release-pr.yml --field pr=<PR_NUMBER>

[jonniebigodes]

@nsheaps thanks for addressing the feedback so promptly. Appreciate it 🙏 ! Documentation-wise it's all good on my end. I'll defer to the other maintainers and see what they have to say about it.

Hope you have a great day.

Stay safe

[yannbf]

@nsheaps thanks for addressing the feedback so promptly. Appreciate it 🙏 ! Documentation-wise it's all good on my end. I'll defer to the other maintainers and see what they have to say about it.

Hope you have a great day.

Stay safe

I see some opportunity to use the categorized errors framework here, so leave it to me and I'll update this branch soon and merge it!

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
browser-assert	1.2.1	None	+0	5.34 kB	muji
@storybook/addons	7.2.0-alpha.0	None	+0	4.39 kB	shilman
@typescript-eslint/experimental-utils	5.62.0	None	+0	4.9 kB	jameshenry
husky	4.3.8	filesystem, shell, environment	+0	53.5 kB	typicode
jest-serializer-html	7.1.0	None	+0	6.97 kB	eunjae-lee
jest-junit	16.0.0	None	+0	41.9 kB	jsonp
@storybook/addon-controls	7.2.0-alpha.0	None	+0	17 kB	shilman

🚮 Removed packages: @types/prompts@2.4.4, file-system-cache@2.3.0, magic-string@0.27.0, safe-identifier@0.4.2, window-size@1.1.1

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Issue	Package	Version	Note	Source
New author	jest-serializer-html	7.1.0	New Author: eunjae-lee Previous Author: rayrutjes	code/package.json scripts/package.json
New author	bower-endpoint-parser	0.2.2	New Author: sheerun Previous Author: satazor	ember-cli@3.24.0 via test-storybooks/ember-cli/package.json
Shell access	husky	4.3.8	Module: child_process Location: lib/installer/checkGitVersion.js +2 more instances...	code/package.json scripts/package.json

Next steps

What is new author?

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

What is shell access?

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore jest-serializer-html@7.1.0
• @SocketSecurity ignore bower-endpoint-parser@0.2.2
• @SocketSecurity ignore husky@4.3.8