pin passport-steam back to 1.0.10

[tiennou]

Because versions >1.0.10 switch out passport-openid with @passport-next/passport-openid, and the latter uses ESM, this breaks on Node 10.

Otherwise at least Jomik's server fails with :

Error loading "/screeps/mods/node_modules/screepsmod-auth/index.js": /screeps/mods/node_modules/openid/node_modules/axios/index.js:1
import axios from './lib/axios.js';
       ^^^^^

SyntaxError: Unexpected identifier

which breaks authentication pretty weirdly.

The caveat is that passport-openid was swapped out for being vulnerable 😩.

[tiennou]

I found out why: openid bumped its axios dependency all the way up to 1.6, which breaks on Node 10: https://github.com/havard/node-openid/commit/39bbc52c58d547053775fd124bce479c3169a9e6