
Commit 461435b

fix(security): pin serialize-javascript via overrides + lockfile v1 [APS-18800]
Re-applies the serialize-javascript RCE fix from #1096 (reverted in #1101) without breaking Node 14 / npm 6 compatibility. #1096 added "overrides" but regenerating package-lock.json on npm 10 bumped lockfileVersion 1 -> 3, which npm 6 cannot parse. Pinning lockfile-version=1 in .npmrc enforces v1 regardless of contributor's npm version, so the regression cannot recur.

- .npmrc: lockfile-version=1
- package.json: overrides.serialize-javascript >=7.0.5
- package-lock.json: regenerated under npm 10, stays at v1, contains serialize-javascript@7.0.5 pinned in the resolution tree

Verified: npm ls shows 7.0.5 overridden, npm audit clean, test suite unchanged (678 passing / 13 pre-existing failures / 2 pending).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent 40517f3 commit 461435b

3 files changed

Lines changed: 405 additions & 283 deletions


.npmrc

Lines changed: 1 addition & 0 deletions
@@ -1 +1,2 @@
11
package-lock=true
2+
lockfile-version=1
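Review bot: the added `lockfile-version=1` line carries no comment explaining why it is pinned, and the rationale (npm 6 cannot parse lockfileVersion 3) lives only in the commit message, so a later contributor cleaning up .npmrc has nothing in the file itself to stop them removing it; .npmrc is ini-format, so a `# keep lockfile v1: npm 6 cannot parse v3` line above the setting would document it in place. Worth stating somewhere in the file as well: this setting only keeps the lockfile *format* compatible with npm 6, it does not make npm 6 honour `overrides` (that field is ignored by npm 6, which predates overrides support), so the serialize-javascript pin is enforced on npm 6 solely through the resolved entries in the regenerated package-lock.json. A contributor who regenerates the lockfile with npm 6 would silently drop the pinned 7.0.5 even with this .npmrc in place, which the message's "the regression cannot recur" claim does not cover; a CI check that `npm ls serialize-javascript` resolves to >=7.0.5 would close that gap.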
