Resolve pnpm audit vulnerabilities in dev dependencies

[gregnazario]

Summary

Addresses all issues reported by pnpm audit.

Changes

• vite 8.0.2 → 8.0.13 — fixes multiple high/moderate advisories (including transitive PostCSS).
• typescript-eslint 8.57.2 → 8.59.3 — latest 8.x line; still pulled a vulnerable picomatch via tinyglobby, so we added a targeted override.
• pnpm.overrides — eslint 9.39.4 is already the latest 9.x but still resolves vulnerable flatted (via flat-cache) and brace-expansion@1.1.12 (via minimatch 3.x). Overrides force patched versions without a breaking ESLint major bump.

Verification

• pnpm audit — no known vulnerabilities
• pnpm run lint — pass
• pnpm run build — pass
• pnpm run fmt:check — pass