fix: sync root package-lock.json with package.json (#383)

The root package.json declares @actions/exec ^3.0.0 (and transitively
@actions/io ^3.0.2), but the committed lock still pinned @actions/exec
1.1.1 / @actions/io 1.1.3, left over from an earlier dependency bump.
This makes `npm ci` fail (EUSAGE: package.json and package-lock.json
out of sync), breaking the unit-test job on every PR.

Regenerated with `npm install --package-lock-only`; `npm ci` now passes.
Only the top-level @actions/exec/@actions/io entries change; @actions/core
keeps its own nested 1.1.x copies.

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Author: marcelmtz