chore: upgrade all devDependencies to latest versions

Fixes all 8 Dependabot security alerts (5 high, 3 moderate):
- vite 8.0.2 -> 8.0.8 (3 CVEs: fs.deny bypass, WebSocket file read, path traversal)
- happy-dom 20.8.4 -> 20.8.9 (2 CVEs: fetch credentials, code execution)
- lodash 4.17.23 -> 4.18.0 (2 CVEs: prototype pollution, code injection via template)
- picomatch 4.0.3 -> 4.0.4 (method injection in POSIX character classes)
- brace-expansion -> patched (zero-step sequence hang)

Also upgrades non-vulnerable packages to latest:
- @types/node 25.5.0 -> 25.6.0
- @vitest/coverage-v8 4.1.0 -> 4.1.4
- oxfmt 0.41.0 -> 0.44.0
- oxlint 1.56.0 -> 1.59.0
- react 19.2.4 -> 19.2.5
- react-dom 19.2.4 -> 19.2.5
- solid-js 1.9.11 -> 1.9.12
- vite-plugin-solid 2.11.11 -> 2.11.12
- vitest 4.1.0 -> 4.1.4

Adds type parameter to vi.fn(fetch) calls to satisfy new oxlint
require-mock-type-parameters rule.

Author: ConsoleTVs