fix: resolve CI failures for security audit, PR title validation, and dependabot noise

- Update npm overrides: minimatch 10.2.1→10.2.4, add fast-xml-parser 5.3.9
- Add --omit=dev to security:audit (aws-cdk-lib bundles vulnerable minimatch
  as a bundledDependency that overrides cannot fix; it's a devDep, not shipped)
- Add statuses:write permission to pr-title.yml (fixes "Resource not accessible
  by integration" error on all human PRs)
- Group dependabot PRs: @aws-sdk/*, @smithy/*, @aws-cdk/*, github-actions
  into single PRs; reduce open-pull-requests-limit 20→10

Author: tejaskash

.github/dependabot.yml

@@ -5,6 +5,14 @@ updates:
     schedule:
       interval: 'weekly'
     groups:
+      aws-sdk:
+        patterns:
+          - '@aws-sdk/*'
+          - '@smithy/*'
+      aws-cdk:
+        patterns:
+          - '@aws-cdk/*'
+          - 'aws-cdk-lib'
       dev-dependencies:
         dependency-type: 'development'
         patterns:
@@ -13,14 +21,20 @@ updates:
           - 'prettier*'
           - 'vitest*'
           - '@trivago/*'
+          - '@typescript-eslint/*'
+          - 'typescript-eslint'
     commit-message:
       prefix: 'chore'
       include: 'scope'
-    open-pull-requests-limit: 20
+    open-pull-requests-limit: 10
 
   - package-ecosystem: 'github-actions'
     directory: '/'
     schedule:
       interval: 'weekly'
+    groups:
+      github-actions:
+        patterns:
+          - '*'
     commit-message:
       prefix: 'ci'

.github/workflows/pr-title.yml

@@ -5,6 +5,9 @@ on:
     branches: [main, feat/gateway-integration]
     types: [opened, edited, synchronize, reopened]
 
+permissions:
+  statuses: write
+
 jobs:
   validate-pr-title:
     runs-on: ubuntu-latest