DON-846: Upgrade helmet library to from 4.6.0 to 7.1.0

All breaking from versions 5 to 7 listed at https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md:

    Breaking: helmet.contentSecurityPolicy: useDefaults option now defaults to true
    Breaking: helmet.contentSecurityPolicy: form-action directive is now set to 'self' by default
    Breaking: helmet.crossOriginEmbedderPolicy is enabled by default
    Breaking: helmet.crossOriginOpenerPolicy is enabled by default
    Breaking: helmet.crossOriginResourcePolicy is enabled by default
    Breaking: helmet.originAgentCluster is enabled by default

    Breaking: helmet.contentSecurityPolicy no longer sets block-all-mixed-content directive by default
    Breaking: helmet.expectCt is no longer set by default. It can, however, be explicitly enabled. It will be removed in Helmet 7. See #310
    Breaking: Increase TypeScript strictness around some arguments. Only affects TypeScript users, and may not require any code changes. See #369

    Breaking: Drop support for Node 14 and 15. Node 16+ is now required
    Breaking: Expect-CT is no longer part of Helmet. If you still need it, you can use the expect-ct package. See #378

package.json

@@ -50,7 +50,7 @@
     "@stripe/stripe-js": "^2.1.0",
     "compression": "^1.7.4",
     "express": "^4.17.3",
-    "helmet": "^4.4.1",
+    "helmet": "^7.1.0",
     "jwt-decode": "^3.1.2",
     "material-icons-font": "^2.1.0",
     "morgan": "^1.10.0",