[feat] danger should block PRs if yarn audit finds high or critical issues

[ahobson]

Does your feature request relate to a specific USWDS feature?
No

Is your feature request related to a problem? Please describe.
dependabot suggests pasting the output of yarn audit which can be large and the process is cumbersome

Describe the solution you'd like
Change the danger config to block PRs if yarn audit finds high or critical issues

Describe alternatives you've considered
This solution was adopted by another project and seems to work well

[haworku]

@ahobson If you are looking at danger stuff could you add these tweaks as well (if its easy)? I noticed them during the last release.

danger should not run on dependabot PRs
danger should not do the package.json check on release PRs - all release PRs have change to package.json

[ahobson]

I'm looking into those two items today and tomorrow

Do we not want to run any danger stuff at all on dependabot? I can see that, just want to confirm