Lock Javascript dependencies

It's a good practice to lock dependency versions. But there's a specific
reason why this needs to be done now.

Tunnistamo isn't compatible with bootstrap-sass version 3.4.2. That
version switches [1] to a newish Sass syntax that isn't backwards
compatible [2]. Tunnistamo uses the django-sass-processor package to do
Sass preprocessing. That package uses the libsass library, which is
deprecated and will never support any newer Sass syntax [3]. As a
result, Tunnistamo is stuck with an old Sass syntax version unless the
preprocessor system is changed to something more modern.

In this commit the bootstrap-sass is locked to version 3.4.1 which still
uses the older syntax that libsass supports.

[1] twbs/bootstrap-sass#1221
[2] https://sass-lang.com/documentation/breaking-changes/slash-div
[3] https://sass-lang.com/blog/libsass-is-deprecated