replace unsupported cssnano with clean-css

[edmund-oconnell]

Problem

1. There is a security vulnerability in js-yaml-3.7.0 (see snyk db details here) which ultimately lives in the dependency chain of cssnano-cli.
2. CSSNano seems to be largely unsupported. From this article the author summarises

• The original maintainer has gotten overwhelmed with a day job and no longer is supporting the project.
• The successor ended up not really doing very much and is now MIA.
• There are mentions of version 4 which is suppose to work but was never completed.
• The project seems be being passes around between a few surrogate developers.

Solution

The solution proposed is to swap out css-nano for clean-css. This package has 12m+ weekly downloads and is fully supported. More importantly it contains no vulnerable packages in its dependency chain

[monzanifabio]

cssnano was previously replaced by @kaimi- with csso (see https://github.com/monzanifabio/cryptofont/pull/21) Is there any benefit in having clean-css over csso?

[edmund-oconnell]

cssnano was previously replaced by @kaimi- with csso (see #21) Is there any benefit in having clean-css over csso?

No. The main thing was to address the vulnerabilities in the dependency chain of cssnano-cli. Looks like this is in hand so closing this PR.

[monzanifabio]

Thanks for your contribution :)