3.58.1 Hotfix for projection types and security improvements

[BoDonkey]

This hotfix reverts the addition of type: 1 to every projection that lacked this property. Instead, this is conditionally added only when the projection is inclusive—that is, when it specifies a list of fields to be returned. For projections that exclude fields, type: 1 will no longer be automatically added. This resolves a MongoDB error.

In addition, this hotfix updates the uploadfs dependencies to patch a security vulnerability in the sharp imaging package that could allow those with permission to upload images to an Apostrophe project to cause a buffer overflow error.

Security

• Update uploadfs to guarantee users get a fix for a potential security vulnerability in sharp.
  This was theoretically exploitable only by users with permission to upload media to Apostrophe
• Remove the webpack bundle analyzer feature, which had been nonfunctional for some time, to address a harmless npm audit warning
• Note: there is one remaining npm audit warning regarding postcss. This is not a true vulnerability because only developers
  with access to the entire codebase can modify styles passed to postcss by Apostrophe, but we are working with upstream
  developers to determine the best steps to clear the warning

Fixes

• Automatically add type to the projection only if there are no exclusions in the projection. Needed to prevent Cannot do exclusion on field in inclusion projection error.