BAU: npm audit force patched node-fetch version

`node-fetch` has been fixed at <= 2.6.0 in the `@nivo` libraries, there
is a tracked removal of these deprecated methods
plouc/nivo#884.

This has been ongoing for roughly a year and looks like it won't be
patched in all the dependent modules (nivo/line) for a while.

The only parts of this app that use nivo/ react is the live payments
dashboard, the proposal is to split this out into its own component
repository as these kind of issues shouldn't reuqire maintenance for Pay
backend devs.

In the meantime none of the nivo components for the live payments
dashboard use asynchronous loading, as this is never used it is safe to
patch out the library failing npm audit (node fetch) until these
dependencies are moved over to a separate component repository and
handled and tracked over there.