Fixes/improvements to the boilerplate (from Digital Presence Site Management App)

This issue tracks the following fixes found during the development of https://gitlab.developers.cam.ac.uk/digital/site-management-app/webapp/-/merge_requests/4 , along with some possible improvements that were also made:

• styleguidist isn't working out-of-the-box: needs react-styleguidist adding as an npm dev dependency (adding to package.json and package-lock.json) and the following line being added to the scripts section of package.json: "styleguidist-server": "styleguidist server"
• For most prokects, Django will raise warnings about "auto fields" which appear to be spurious (they're for built-in ID fields). Add DEFAULT_AUTO_FIELD = "django.db.models.AutoField" to <name>_project/settings/base.py to silence these warnings.
• The following addition to tox.ini seems to be needed to prevent errors when running management commands through Tox (needs further investigation):

# Commands located outside of the Tox environment or that Tox cannot find.
allowlist_externals=
    ./manage.py

• To help maintain a cleaner local dev environment, the following should be added to compose/development.env to prevent writing of Python bytecode files (when generating migrations, etc.):

# Disable writing of .pyc files
PYTHONDONTWRITEBYTECODE=1

• Consider adding dry-rest-permissions to requirements/base.txt to help standardise how API permissions are specified (also requires adding "dry_rest_permissions" to INSTALLED_APPS in <name>_project/settings/base.py).