Commit ae20e82
flight-recorder: bump react-router-dom to ^7.15.0 and add npm overrides
react-router-dom was a direct dep pinned at ^7.9.3; same CVE class as
pecan's react-router (DoS, RCE, XSS via redirects) requires >= 7.15.0.
Bumped the direct dep range.
Also adds an npm 'overrides' block to force patched transitive deps:
lodash -> ^4.18.0
qs -> ^6.15.2
picomatch -> ^2.3.2
fast-uri -> ^3.1.2
serialize-javascript -> ^7.0.5
Regenerated package-lock.json. Verified the lock now pins:
lodash 4.18.1
picomatch 2.3.2
fast-uri 3.1.2
serialize-javascript 7.0.5
react-router-dom 7.16.0
1 parent 89e109a commit ae20e82
2 files changed
Lines changed: 98 additions & 142 deletions
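One way to automate the lockfile verification the commit message describes, as an added example that is not part of this commit or the project's code. It assumes an npm lockfile v2/v3 `packages` map; the function names, the sample lockfile and the `example-dep` package are hypothetical.

```javascript
// Caret ranges from the commit message above (direct dep + overrides).
const RANGES = {
  "react-router-dom": "7.15.0",
  lodash: "4.18.0",
  qs: "6.15.2",
  picomatch: "2.3.2",
  "fast-uri": "3.1.2",
  "serialize-javascript": "7.0.5",
};

// True if version satisfies ^base. Assumes plain x.y.z with major >= 1
// (caret semantics differ for 0.x); prerelease suffixes are ignored.
function satisfiesCaret(version, base) {
  const v = version.split("-")[0].split(".").map(Number);
  const b = base.split(".").map(Number);
  if (v[0] !== b[0]) return false;
  if (v[1] !== b[1]) return v[1] > b[1];
  return v[2] >= b[2];
}

// Walk the lockfile v2/v3 "packages" map. Keys look like
// "node_modules/a/node_modules/lodash", so nested copies are checked too.
function findUnpatched(lock, ranges = RANGES) {
  const bad = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    if (!Object.hasOwn(ranges, name) || !meta.version) continue;
    if (!satisfiesCaret(meta.version, ranges[name])) {
      bad.push({ path, name, version: meta.version, wanted: "^" + ranges[name] });
    }
  }
  return bad;
}

// Constructed sample, not the repository's real lockfile.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "flight-recorder" },
    "node_modules/react-router-dom": { version: "7.16.0" },
    "node_modules/lodash": { version: "4.18.1" },
    "node_modules/picomatch": { version: "2.3.2" },
    // hypothetical stale nested copy that an override should have replaced
    "node_modules/example-dep/node_modules/lodash": { version: "4.17.21" },
  },
};

console.log(findUnpatched(SAMPLE_LOCK));
```

Run against a real tree by passing the parsed `package-lock.json` to `findUnpatched`; an empty array means every resolved copy of the listed packages falls inside its range.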