Commit 4a02d94
fix: remove stale fast-xml-parser override, upgrade aws-cdk-lib (#368)

* fix: resolve npm audit vulnerabilities for minimatch and ajv

- Add minimatch override to 10.2.1 (GHSA-3ppc-4f35-3m26) fixing 19 of
  21 high-severity ReDoS findings across eslint, typescript-eslint,
  archiver, and prettier-plugin-sort-imports transitive deps
- Upgrade aws-cdk-lib devDependency to ^2.239.0 to fix bundled
  ajv 8.17.1 -> 8.18.0 (GHSA-2g4f-4pwh-qvx6)
- Scope security:audit to production deps (--omit=dev) since remaining
  findings are in bundled dev deps with no upstream fix available
  (aws-cdk-lib bundled minimatch v3, eslint ajv v6)

* fix: remove stale fast-xml-parser override

@aws-sdk/xml-builder@3.972.5 now natively pins fast-xml-parser@5.3.6,
so the CVE-2026-26278 override is no longer needed.

* fix: revert minimatch override and audit script change

Keep security:audit at --audit-level=high without --omit=dev.
Remove minimatch override to avoid major version bump risk (v3 -> v10).
Remaining minimatch and ajv findings are upstream issues with no fix.

1 parent 592af45 commit 4a02d94
2 files changed, +199 -74 lines changed
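An added example, not code from this commit or repository: one way to detect the kind of stale `overrides` entry the message describes, by checking whether every dependent in a v2/v3 `package-lock.json` already pins the package at or above the overridden version. The function name, the `fast-xml-parser` override value, and the `example-glob-user` package are constructed for illustration; only exact `x.y.z` pins are compared, and ranges are left for manual review.

```javascript
// Parse an exact "x.y.z" version; anything else (ranges, tags) returns null.
const parseExact = (v) =>
  /^\d+\.\d+\.\d+$/.test(v) ? v.split('.').map(Number) : null;

// True when exact version a is greater than or equal to exact version b.
function gte(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] > b[i];
  }
  return true;
}

// pkg: parsed package.json; lock: parsed package-lock.json (lockfileVersion 2 or 3).
// An override is reported as stale only when at least one dependent declares the
// package and every such declaration is an exact pin >= the override version.
function findStaleOverrides(pkg, lock) {
  const stale = [];
  for (const [name, wanted] of Object.entries(pkg.overrides || {})) {
    const want = typeof wanted === 'string' ? parseExact(wanted) : null;
    if (!want) continue; // nested or range overrides need manual review
    const declared = [];
    for (const [path, meta] of Object.entries(lock.packages || {})) {
      const spec = (meta.dependencies || {})[name];
      if (spec !== undefined) declared.push({ by: path, spec });
    }
    const allPinned = declared.length > 0 && declared.every(({ spec }) => {
      const pinned = parseExact(spec);
      return pinned !== null && gte(pinned, want);
    });
    if (allPinned) stale.push({ name, override: wanted, declared });
  }
  return stale;
}

// Constructed sample input (override values and the second package are hypothetical).
const samplePkg = {
  overrides: { 'fast-xml-parser': '5.3.6', minimatch: '10.2.1' },
};
const sampleLock = {
  packages: {
    'node_modules/@aws-sdk/xml-builder': {
      version: '3.972.5',
      dependencies: { 'fast-xml-parser': '5.3.6' },
    },
    'node_modules/example-glob-user': {
      version: '1.0.0',
      dependencies: { minimatch: '^3.1.2' },
    },
  },
};
```

An override flagged here is only a candidate for removal; rerun `npm audit` after dropping it to confirm the advisory does not reappear.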