BREAKING CHANGE: this removes the promise return value, replacing it
with a regular value.

This is essentially a full rewrite of this module, but maintains the
basic shape of the API and arrangement of internal functionality.

The 'install' summary report now provides clearer actionable
information, telling the user to use `npm audit --fix` only if necessary
(and then warning them about semver major updates vs mere dep range
breakage).  Likewise, running `npm audit fix` is only suggested if doing
so will fix something.  If there are issues that cannot be fixed without
removing a dependency, then we report that as well.

The detail report is significantly tightened up, partly due to the
processing that Arborist does before handing the data over to the
reporter, and partly by virtue of showing dependency issues nested under
the advisory issue that causes them, and the removal of the table
borders.

The JSON report is, as can be expected, changed quite significantly.
Anyone using that today will probably have to change their approach.  It
MAY be worth altering what npm v7 outputs for `npm audit --json` for
this reason, opting to just dump the `arborist.auditReport.report`
instead of passing `arborist.auditReport` to this module.  On the other
hand, it may not be.

Chalk is now used in place of console-control-strings, as the added
control that ccs affords is not necessary, and chalk is fine.