
fix(security): add pnpm overrides for esbuild and fast-uri #1463

Open
fro-bot wants to merge 1 commit into main from fix/security-alerts

Conversation

fro-bot commented Jun 15, 2026

Summary

Remediates 4 Dependabot security alerts by adding pnpm overrides in `pnpm-workspace.yaml` to pin transitive `esbuild` and `fast-uri` to non-vulnerable versions.

Alerts Fixed

| Alert | Severity | Package | Vulnerable Range | Patched |
|-------|----------|---------|------------------|---------|
| #90 | High | esbuild | `>= 0.17.0, < 0.28.1` | 0.28.1 |
| #89 | Low | esbuild | `>= 0.27.3, < 0.28.1` | 0.28.1 |
| #87 | High | fast-uri | `<= 3.1.1` | 3.1.2 |
| #86 | High | fast-uri | `<= 3.1.0` | 3.1.2 |

Details

Both `esbuild` and `fast-uri` are transitive dependencies:

  • `esbuild`: via `vite`, `vitest`, `@eslint/config-inspector`, `bundle-require`, `tsup`
  • `fast-uri`: via `ajv` (used by `eslint`)

The overrides follow the same pattern as the in-progress fix in `bfra-me/.github#2292`.

Notes

This PR does not address the GitHub Action file pinning pattern (per org convention), only the dependency version pin.

Auto-generated by Fro Bot org autoheal scan.

Remediates Dependabot HIGH/LOW security alerts by adding pnpm overrides
that pin transitive esbuild and fast-uri to non-vulnerable versions.

Alerts:
- #86 (HIGH) fast-uri<=3.1.0 host confusion
- #87 (HIGH) fast-uri<=3.1.1 path traversal
- #89 (LOW)  esbuild>=0.27.3 <0.28.1
- #90 (HIGH) esbuild>=0.17.0 <0.28.1

Auto-generated by fro-bot org autoheal scan.
@fro-bot fro-bot requested a review from a team as a code owner June 15, 2026 11:39
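The override mechanism the PR relies on, and the check a reviewer would want before approving it, as an added example (not code from the PR, from fro-bot, or from the repository): derive the `overrides` mapping for `pnpm-workspace.yaml` from the alert table above, then scan a lockfile for resolved versions that still fall inside a vulnerable range. The package names, ranges and patched versions are taken from the PR table; the two `pnpm-lock.yaml` excerpts are constructed for the example and are not the repository's real lockfile.

```python
"""Derive pnpm overrides from Dependabot alert ranges and verify a lockfile.

Added example, not part of PR #1463. ALERTS mirrors the PR's table; the
lockfile excerpts are constructed and follow the pnpm-lock.yaml v9 layout.
"""
import operator
import re

# (alert id, package, vulnerable range, patched version) -- from the PR table
ALERTS = [
    ("#90", "esbuild", ">=0.17.0 <0.28.1", "0.28.1"),
    ("#89", "esbuild", ">=0.27.3 <0.28.1", "0.28.1"),
    ("#87", "fast-uri", "<=3.1.1", "3.1.2"),
    ("#86", "fast-uri", "<=3.1.0", "3.1.2"),
]

_OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt, "<": operator.lt}
_CLAUSE = re.compile(r"(>=|<=|>|<)\s*(\d+\.\d+\.\d+)")


def parse_version(text):
    """'0.28.1' -> (0, 28, 1); tuple order matches semver order for plain releases."""
    return tuple(int(part) for part in text.split("."))


def in_range(version, spec):
    """True if version satisfies every clause of a range like '>=0.17.0 <0.28.1'."""
    clauses = _CLAUSE.findall(spec)
    if not clauses:
        raise ValueError(f"unsupported range: {spec!r}")
    v = parse_version(version)
    return all(_OPS[op](v, parse_version(bound)) for op, bound in clauses)


def overrides_block(alerts=ALERTS):
    """Render the 'overrides' mapping for pnpm-workspace.yaml.

    Each package gets one floor: the highest patched version among its alerts,
    expressed as a '>=' range so later patch releases still satisfy it.
    """
    floor = {}
    for _, pkg, _, patched in alerts:
        if pkg not in floor or parse_version(patched) > parse_version(floor[pkg]):
            floor[pkg] = patched
    lines = ["overrides:"] + [f"  {pkg}: '>={floor[pkg]}'" for pkg in sorted(floor)]
    return "\n".join(lines) + "\n"


# Keys in the 'packages:' / 'snapshots:' sections of a v9 lockfile, e.g.
#   esbuild@0.25.0:
#   '@eslint/config-inspector@1.0.0':
#   vite@6.0.0(@types/node@20.0.0):
_LOCK_KEY = re.compile(r"^  '?(@?[^@\s']+)@(\d+\.\d+\.\d+)(?:\([^)]*\))*'?:", re.M)


def find_vulnerable(lock_text, alerts=ALERTS):
    """Return (alert, package, version) for every resolved entry in a vulnerable range."""
    resolved = sorted(set(_LOCK_KEY.findall(lock_text)))  # dedupe packages/snapshots
    hits = []
    for alert, pkg, spec, _ in alerts:
        for name, ver in resolved:
            if name == pkg and in_range(ver, spec):
                hits.append((alert, name, ver))
    return hits


# Constructed excerpt: state before the overrides (transitive esbuild via vite).
LOCK_BEFORE = """\
packages:

  esbuild@0.25.0:
    resolution: {integrity: sha512-constructed}

  fast-uri@3.0.6:
    resolution: {integrity: sha512-constructed}

  vite@6.0.0:
    resolution: {integrity: sha512-constructed}

snapshots:

  esbuild@0.25.0: {}

  vite@6.0.0(@types/node@20.0.0):
    dependencies:
      esbuild: 0.25.0
"""

# Constructed excerpt: state after `pnpm install` with the overrides applied.
LOCK_AFTER = LOCK_BEFORE.replace("0.25.0", "0.28.1").replace("3.0.6", "3.1.2")


if __name__ == "__main__":
    print(overrides_block(), end="")
    print("before:", find_vulnerable(LOCK_BEFORE))
    print("after: ", find_vulnerable(LOCK_AFTER))
```

Running the lockfile check against the regenerated `pnpm-lock.yaml` is the part worth keeping in CI: an override only takes effect once the lockfile is rebuilt, which is exactly why the follow-up comment below reports this branch as conflicting and points at a rebased branch with a freshly regenerated lockfile.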
fro-bot (Author) commented Jun 16, 2026

Superseded by #1467 — this branch (fix/security-alerts) is CONFLICTING due to Renovate lock-file churn. The rebased branch is at pr-1463-rebased and re-applies the same esbuild + fast-uri overrides on top of current main with a freshly regenerated lockfile. Please close this PR in favor of #1467.
