chore(deps): bump vulnerable website deps to resolve security alerts (#999)

Resolves Dependabot security alerts in the docs website (pnpm project).
Lockfile-only bump via `pnpm update joi js-yaml -r` — no `overrides` or
hand-edited versions.

### Fixed
- **joi**: 17.13.3 → 17.13.4 (consumers repointed; duplicate 17.13.3
resolution removed)
- **js-yaml**: ≥ 4.2.0 already resolved in the lockfile (no change
needed for the v4 line)

### Not addressed here
- **js-yaml 3.14.2** remains via `gray-matter@4.0.3`, which pins
`js-yaml@^3.x` and cannot be moved to v4 without a `gray-matter`
upgrade. Out of scope for a lockfile-only bump.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Author: B4nan