Harden package installs with pnpm and CI updates #1838

Open
mcgrew-oai wants to merge 6 commits into master from dev/codex/package-manager-safety-dry-run-20260423145803

Conversation

@mcgrew-oai mcgrew-oai commented Apr 23, 2026

Summary

This PR migrates the repo's primary package manager from Yarn to pnpm and updates install paths in CI and ecosystem tests to use committed, repo-scoped package-manager configuration.

Changes in this PR:

  • migrate the root repo and examples/ to pinned pnpm via Corepack
  • add pnpm-workspace.yaml and commit pnpm-lock.yaml
  • make ./scripts/bootstrap verify the pnpm hardening settings and always install with --frozen-lockfile
  • update scripts and GitHub Actions workflows to use corepack pnpm
  • keep npm ecosystem fixtures on npm, with per-project .npmrc config, but run them with repo-pinned npm@11.12.1 so the npm hardening keys are actually respected
  • add Bun install config and verify bun install --frozen-lockfile in CI
  • remove stale root Yarn and examples/ package-lock artifacts

Why

To reduce package supply chain risk by making installs use committed, repo-scoped package-manager configuration in both local development and CI.

This moves the primary repo workflow onto pinned pnpm, makes bootstrap and CI use the same hardened install path, and keeps explicit config in the npm and Bun compatibility fixtures instead of relying on default package-manager behavior.

Testing

Ran locally:

  • ./scripts/bootstrap
  • corepack pnpm build
  • corepack pnpm lint
  • env -u OPENAI_API_KEY ./scripts/test
  • bun install --frozen-lockfile in ecosystem-tests/bun
  • corepack pnpm tsn ecosystem-tests/cli.ts --retry=0 browser-direct-import ts-browser-webpack
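As an added example (not the PR's own scripts/bootstrap), a POSIX shell preflight that checks the pieces the description relies on before a frozen-lockfile install: an exact pnpm pin for Corepack in package.json's packageManager field, a committed pnpm-lock.yaml, and the expected keys in .npmrc. The packageManager location and the required key list (here only ignore-scripts=true) are assumptions; the repo's actual hardening settings are not on the page.

```shell
#!/bin/sh
# Added example, not the repository's bootstrap script. Assumes the pnpm pin is
# in package.json "packageManager" and hardening keys live in a root .npmrc.

# Print the "packageManager" value from a package.json, or nothing if absent.
pkg_manager_field() {
  sed -n 's/.*"packageManager"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Return 0 only for an exact pnpm version with an integrity hash, the form
# `corepack use pnpm@<version>` writes (e.g. pnpm@10.12.1+sha512.<hex>).
# A bare major ("pnpm@10") or a range is rejected: Corepack would resolve it at install time.
is_pinned_pnpm() {
  printf '%s' "$1" | grep -Eq '^pnpm@[0-9]+\.[0-9]+\.[0-9]+\+sha(224|256|512)\.[0-9a-f]+$'
}

# Return 0 if every required key=value line (exact match) is present in the .npmrc.
npmrc_has_keys() {
  rc="$1"; shift
  [ -f "$rc" ] || return 1
  for kv in "$@"; do
    grep -Fxq "$kv" "$rc" || return 1
  done
  return 0
}

# Required .npmrc lines; a constructed list standing in for the repo's real settings.
REQUIRED_NPMRC_KEYS="ignore-scripts=true"

# Combined preflight for a repo directory: 0 when it is safe to run the frozen install.
preflight() {
  dir="$1"
  [ -f "$dir/pnpm-lock.yaml" ] || { echo "missing committed pnpm-lock.yaml" >&2; return 1; }
  pm=$(pkg_manager_field "$dir/package.json")
  is_pinned_pnpm "$pm" || { echo "packageManager is not an exact pnpm pin: '$pm'" >&2; return 1; }
  npmrc_has_keys "$dir/.npmrc" $REQUIRED_NPMRC_KEYS || { echo ".npmrc lacks required keys" >&2; return 1; }
  return 0
}

# Install only after the preflight passes; --frozen-lockfile refuses to
# rewrite pnpm-lock.yaml, so a drifted manifest fails instead of silently resolving.
install_frozen() {
  preflight "$1" && (cd "$1" && corepack pnpm install --frozen-lockfile)
}
```

Run as `install_frozen .` from the repo root; `preflight` alone is useful as a CI step that fails before any network access happens.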

@mcgrew-oai mcgrew-oai marked this pull request as ready for review April 23, 2026 22:03
@mcgrew-oai mcgrew-oai requested a review from a team as a code owner April 23, 2026 22:03
@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7d40a03040
