fix(deps): upgrade backstage packages to fix CVE-2026-24046

Upgrades @backstage/backend-defaults (0.12.0 -> 0.12.2),
@backstage/plugin-scaffolder-backend (2.2.0 -> 2.2.2), and
@backstage/plugin-scaffolder-node (0.11.0 -> 0.11.2) to address
symlink path traversal in Scaffolder actions (GHSA-rq6q-wr2q-7pgp).

Replaces the previous yarn patch-based mitigation with the official
fix versions. Lockfile changes were applied using yarn-lockfile-surgeon
to minimize transitive dependency impact.

Author: jonkoops