fix(security): upgrade path-to-regexp 8.3.0 to 8.4.0 (ReDoS) (#602)

Fixes CVE where multiple sequential optional groups generate
exponentially growing regexes causing denial of service.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: imran-siddique

packages/agent-os/extensions/copilot/package-lock.json

@@ -42,6 +42,7 @@
     "axios": "^1.6.0",
     "dotenv": "^17.3.1",
     "express": "^5.2.1",
+    "path-to-regexp": "8.4.0",
     "winston": "^3.11.0"
   },
   "devDependencies": {