Added tough-cookie override (TryGhost#27687)

no ref

`tough-cookie@2.5.0` was reachable via the deprecated `request@2.88.2`
package — `@tryghost/logging > bunyan-loggly > node-loggly-bulk >
request > tough-cookie` — which is on the production path through any
code that imports `@tryghost/logging` (job-manager, prometheus-metrics,
server, gscan, knex-migrator).

Author: 9larsons

package.json

@@ -105,6 +105,7 @@
       "qs@<6.14.1": "^6.14.2",
       "tar@<7.5.11": "^7.5.11",
       "tmp@<=0.2.3": "^0.2.4",
+      "tough-cookie@<4.1.3": "^4.1.3",
       "trim@<0.0.3": "^0.0.3",
       "undici@<6.24.0": "^6.24.0",
       "underscore@>=1.3.2 <1.12.1": "^1.12.1",