chore: patch transitive dev-dependency CVEs via pnpm overrides (#1626)

Clears 16 open Dependabot alerts (all scope=development, transitive) by
pinning patched minimums: fast-uri, follow-redirects, hono, ip-address,
postcss, qs, tmp. fast-uri capped <4 to avoid a surprise major.

Angular peerDeps (22.0.x) intentionally left untouched: bumping them in
this repo gives published-package consumers no security benefit (they
resolve their own Angular) and the 22.0.1 patch breaks TestBed. esbuild
left to the weekly Dependabot PR: its advisories need Deno fetch / a
Windows dev server, neither of which runs here, and a global override
risks the vite/webpack build.

Author: CodeAndWeb

package.json

@@ -56,5 +56,16 @@
     "lint-staged": {
         "*.js": "eslint --cache --fix",
         "*.{js,css,md}": "prettier --write"
+    },
+    "pnpm": {
+        "overrides": {
+            "fast-uri": ">=3.1.2 <4",
+            "follow-redirects": ">=1.16.0",
+            "hono": ">=4.12.21",
+            "ip-address": ">=10.1.1",
+            "postcss": ">=8.5.10",
+            "qs": ">=6.15.2",
+            "tmp": ">=0.2.6"
+        }
     }
 }