ci: revert lockfile updates and don't allow lockfile updates when installing

[G-Rath]

Summary

This reverts #1302 as updates to versions that are not compatible with Ruby v2.7 and ends up causing more harm - I've also updated bundle install to error if the lockfile would be changed when installing in CI to prevent this from happening in future.

This is to address the immediate issue of CI just being broken right now - I expect that this will still cause problems with #1306 so will investigate further once this is landed.

Pull Request checklist

Remove this line after checking all the items here. If the item is not applicable to the PR, both check it out and wrap it by ~.

• Add/update test to cover these changes
• Update documentation
• Update CHANGELOG file

[ahangarha]

@Judahmeek, shouldn't we update the react-rails version in these lock files?

[G-Rath]

ugh right a release was done after this update - that's annoying since this is technically a revert; I've figured out how to resolve the problem with just mini_racer though so have pushed that up which also updates the lockfiles to be generally correct without upgrading other versions (i.e so the react-rails version should now be correct).

In terms of steps, I think we should:

1. merge this PR, fixing the current CI with Ruby 2.7 and local (since that's broken currently due to mini_racer)
2. redo test: update fixture gemfile locks #1302 with the headless=new fix, so that we're up to date (since we'll eventually end up updating selenium-webdriver which will require this, so might as well get it done) - Fix test failures #1326 could be used for that
3. rebase bug: Prevent roots from being re-created when using React 18 #1305, feat: support other js package managers #1306, and chore: switch default branch to main #1327