Move roave/security-advisories to require-dev #47
Description
This package can both be used as an application and as a dependency, so adding roave/security-advisories to require is quite a heavy transitive dependency.
Should be moved to require-dev so that it is only active when the package is used as an application.