add lodash to require_config so that WIPs can start importing during migration

[biyeun]

Summary

We are officially beginning the migration from underscore to lodash. The recent CVE for underscore prompted us to fast-track the upgrade progress for underscore, which we realized breaks lots of things including require.js imports.

This PR adds 'lodash' to the short-hand paths so that it can be available for devs to use right now for any WIPs not yet merged into master.

By the way, these breaking changes for minor versions are not the first time this has happened. If you read this thread, it's very clear the maintainers do not care about breaking changes or your "problematic" legacy applications. See sentimental versioning for some other similarly-versioned libraries (and a good laugh).

Safety Assurance

• Risk label is set correctly
• All migrations are backwards compatible and won't block deploy
• The set of people pinged as reviewers is appropriate for the level of risk of the change
• If QA is part of the safety story, the "Awaiting QA" label is used
• I have confidence that this PR will not introduce a regression for the reasons below

Automated test coverage

QA Plan

We will do a QA round on the actual migration.

Safety story

This just makes lodash easily available. Does not change any active code.

Rollback instructions

• This PR can be reverted after deploy with no further considerations

[biyeun]

Note: holding off until the pressure of SSO development reduces and I have capacity to come up with a full plan (see conversation in slack)