chore(deps): add pnpm overrides for vulnerable transitive deps #778

Merged: lcottercertinia merged 1 commit into certinia:main from lukecotter:chore-deps-audit-fix, May 22, 2026

@lukecotter
Contributor

📝 PR Overview

Adds pnpm workspace overrides to force minimum versions of transitive dependencies flagged by security advisories, and regenerates the lockfile so the upgrades apply across all workspaces.

🛠️ Changes made

  • Add overrides block in pnpm-workspace.yaml pinning minimums for @babel/plugin-transform-modules-systemjs, @xmldom/xmldom, brace-expansion, fast-uri, follow-redirects, lodash, path-to-regexp, picomatch, serialize-javascript, undici, uuid, webpack-dev-server, and ws
  • Regenerate pnpm-lock.yaml to resolve transitive deps against the new overrides

🧩 Type of change (check all applicable)

  • 🐛 Bug fix - something not working as expected
  • ✨ New feature – adds new functionality
  • ♻️ Refactor - internal changes with no user impact
  • ⚡ Performance Improvement
  • 📝 Documentation - README or documentation site changes
  • 🔧 Chore - dev tooling, CI, config
  • 💥 Breaking change

📷 Screenshots / gifs / video [optional]

No UI changes.

🔗 Related Issues

None.

✅ Tests added?

  • 👍 yes
  • 🙅 no, not needed
  • 🙋 no, I need help

📚 Docs updated?

  • 🔖 README.md
  • 🔖 CHANGELOG.md
  • 📖 help site
  • 🙅 not needed

Anything else we need to know? [optional]

Test plan:

  • pnpm install resolves cleanly
  • pnpm build
  • pnpm test
  • pnpm lint

- pin minimum versions for advisories in babel, xmldom, lodash, undici, ws, webpack-dev-server, and others via workspace overrides
- regenerate lockfile to apply forced upgrades across all workspaces
@lcottercertinia merged commit 4071b3d into certinia:main May 22, 2026
5 checks passed
@lukecotter deleted the chore-deps-audit-fix branch May 22, 2026 11:25
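
Added example (not part of this PR or the project's code): a Node.js check that every resolved entry for an overridden package in a pnpm lockfile meets the override's minimum version, which is what regenerating the lockfile is meant to guarantee. The minimum versions and the lockfile excerpt are constructed sample data (the PR page lists no versions), and the parser assumes the `name@version:` keys of the lockfile's `packages:` section.

```javascript
// Added example: check that a pnpm lockfile honours minimum-version overrides.
// MINIMUMS and SAMPLE_LOCK are constructed sample data, not the PR's values.
const MINIMUMS = { ws: '8.0.0', lodash: '4.0.0', '@xmldom/xmldom': '0.8.0' };

const SAMPLE_LOCK = [
  'packages:',
  '',
  "  '@xmldom/xmldom@0.8.10':",
  '    resolution: {integrity: sha512-constructed}',
  '',
  '  lodash@4.17.21:',
  '    resolution: {integrity: sha512-constructed}',
  '',
  '  ws@7.5.9:',
  '    resolution: {integrity: sha512-constructed}',
  '',
  '  ws@8.18.0:',
  '    resolution: {integrity: sha512-constructed}',
].join('\n');

// Matches two-space-indented "name@x.y.z:" keys (optionally quoted or scoped).
const KEY = /^ {2}'?((?:@[^/@\s]+\/)?[^@\s']+)@(\d+)\.(\d+)\.(\d+)[^:']*'?:\s*$/gm;

function parseLockPackages(lockText) {
  return [...lockText.matchAll(KEY)].map((m) => ({
    name: m[1],
    version: [Number(m[2]), Number(m[3]), Number(m[4])],
  }));
}

// Numeric major.minor.patch comparison; pre-release tags are ignored.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Returns one string per lockfile entry that resolves below its minimum.
function findViolations(lockText, minimums) {
  return parseLockPackages(lockText)
    .filter((p) => Object.hasOwn(minimums, p.name))
    .filter((p) => compareVersions(p.version, minimums[p.name].split('.').map(Number)) < 0)
    .map((p) => `${p.name}@${p.version.join('.')} (minimum ${minimums[p.name]})`);
}

// A stale ws 7.x entry left in the lockfile is reported; the others pass.
console.log(findViolations(SAMPLE_LOCK, MINIMUMS));
```

Run against the real `pnpm-lock.yaml` in CI, a non-empty result means an override did not take effect for some dependency path.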