fix: reduce dependency CVE overrides and refresh vulnerable transitive deps (microsoft#2874)

- update react-native-macos-init to npm-registry-fetch 19.x
- refresh root and docsite lockfiles to pick patched tar/minimatch paths
- upgrade api-extractor and serve-handler where it removes override
pressure
- collapse remaining minimatch resolutions to the smallest set Yarn will
honor

Author: Saadnajmi