chore: update deps, dependabot, and bump version

[justlevine]

What

1. Updates deps to their latest compatible versions.
2. Updates dependabot.yml to a sensible config.
3. Backports Encryptor class
4. Drops beta from the version.

Why

Related Issue(s):

How

Testing Instructions

Screenshots

Additional Info

Checklist

• I have read the Contribution Guidelines.
• I have read the Development Guidelines.
• My code is tested to the best of my abilities.
• My code passes all lints (ESLint etc.).
• My code has detailed inline documentation.
• I have updated the project documentation as needed.

[Copilot]

Pull request overview

This PR attempts to update dependencies and remove the beta designation from version 1.1.0, while also backporting a refactored Encryptor class. However, the PR contains multiple critical issues that prevent it from being safely merged.

Changes:

• Updates version from 1.1.0-beta.1 to 1.1.0 across multiple files
• Updates Dependabot configuration with new grouping and scheduling rules
• Backports a refactored Encryptor class that changes encryption from AES-256-GCM to AES-256-CTR
• Updates several composer and npm dependencies (though some are downgrades rather than upgrades)

Reviewed changes

Copilot reviewed 7 out of 9 changed files in this pull request and generated 14 comments.

Show a summary per file

File	Description
readme.txt	Updates stable tag to 1.1.0 and replaces inline changelog with link to GitHub
package.json	Updates npm dependencies, includes downgrades for @wordpress/components (31.0.0→30.9.0) and eslint (9.39.2→8.57.1)
oneupdate.php	Updates plugin version to 1.1.0
inc/Encryptor.php	Complete rewrite changing from AES-GCM to AES-CTR encryption with no migration path
composer.lock	Updates PHP dependencies including downgrades (plugin-check 1.8.0→1.6.0)
composer.json	Downgrades plugin-check requirement from ~1.8.0 to ~1.6.0
CHANGELOG.md	Updates version header to 1.1.0
.github/dependabot.yml	Adds invalid configuration options (cooldown, directories) and removes several package ecosystems

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The fallback encryption key "this-is-not-a-real-key-change-me" is a significant security risk. If ONEPRESS_ENCRYPTION_KEY and LOGGED_IN_KEY are not defined (which could happen in development environments or misconfigured installations), all encrypted data would be protected only by this hardcoded, publicly-known key. This completely defeats the purpose of encryption. Consider throwing an exception or refusing to encrypt/decrypt if proper keys are not configured, rather than silently using an insecure fallback.