Move mocha to devdependencies

It's vulnerable, per `npm audit`, so we don't want it in production.

Inspired by GitHub user makuro's commit @ 9045d25.

makuro/swagger-node@9045d25

Author: DeeDeeG

package.json

@@ -26,7 +26,6 @@
     "inquirer": "^6.2.2",
     "js-yaml": "^3.13.0",
     "lodash": "^4.17.11",
-    "mocha": "^6.0.2",
     "nodemon": "^1.18.10",
     "serve-static": "^1.13.2",
     "swagger-converter": "^1.5.1",
@@ -36,6 +35,7 @@
   },
   "devDependencies": {
     "chai": "^4.2.0",
+    "mocha": "^6.0.2",
     "mock-stdin": "^0.3.1",
     "proxyquire": "^2.1.0",
     "should": "^13.2.3",