fix: bump form-data to 4.0.5 to resolve CVE-2025-7783 (#685)

Add form-data override to pin version 4.0.5, fixing Dependabot alert #46.
form-data <4.0.4 uses Math.random() for multipart boundary generation,
which is predictable and can allow request injection (CVSS v4: 9.4).

form-data is a transitive dev dependency via axios and does not affect
production builds.

Author: Zee2413