build(pnpm): add workspace security policy flags

[arthurfiorette]

What's added in this PR?

• Adds the pnpm workspace security flags already enabled in zephyr-cloud-io.
• Updates pnpm-lock.yaml with the resulting pnpm install and pnpm dedupe lockfile changes.

Screenshots

• N/A

What's the issues or discussion related to this PR ?

• Ticket: N/A
• Why: keep zephyr-packages aligned with the pnpm trust and release-age policy already used in the sibling repo, so installs enforce the same supply-chain constraints.

What are the steps to test this PR?

1. Check pnpm-workspace.yaml contains the new top-level flags.
2. Run pnpm install.
3. Run pnpm dedupe.
4. Confirm the lockfile stays consistent and installs complete.

Documentation update for this PR (if applicable)?

• N/A

(Optional) What's left to be done for this PR?

• None.

(Optional) What's the potential risk and how to mitigate it?

• The new trust policy may reject newly added or freshly published dependencies that do not meet the policy thresholds. If that happens, review the package source and trust configuration before updating dependencies.

(Required) Pre-PR/Merge checklist

• I have added/updated/opened a PR to documentation to cover this new behavior
• I have added an explanation of my changes
• I have written new tests (if applicable)
• I have tested this locally (standing from a first time user point of view, never touch this app before)
• I have/will run tests, or ask for help to add test