chore(deps): bump basic-ftp to 5.3.0 and vite to 7.3.2

Supersedes #42 (npm-security group) and #44 (vite direct bump) —
both blocked by branch-name governance. Re-created on a codex-
compliant branch per docs/SECURITY.md.

- basic-ftp: pnpm.overrides pin ^5.2.0 -> ^5.3.0 (security group)
- vite: devDependency ^7.0.4 -> ^7.3.2 (minor, plugin-react 5 safe)

#43 (picomatch 2.3.1 -> 2.3.2) intentionally skipped: picomatch@2.3.1
is a transitive dep pinned by a parent, and a minor-patch bump isn't
worth an override hack. Picomatch@4.0.3 coexists at the latest major
already.

Validated locally:
- pnpm install resolves cleanly to basic-ftp 5.3.0 and vite 7.3.2
- pnpm build: 636ms
- pnpm test: 127/127
- pnpm typecheck: clean

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: saagar210

package.json

@@ -112,7 +112,7 @@
     "commitizen": "^4.3.1",
     "husky": "^9.1.7",
     "typescript": "~5.8.3",
-    "vite": "^7.0.4",
+    "vite": "^7.3.2",
     "vitest": "^3.2.4",
     "@vitest/coverage-v8": "^3.2.4",
     "@axe-core/playwright": "^4.11.0",
@@ -138,7 +138,7 @@
   "pnpm": {
     "overrides": {
       "@lhci/cli>tmp": "^0.2.4",
-      "basic-ftp": "^5.2.0",
+      "basic-ftp": "^5.3.0",
       "commitizen>lodash": "^4.17.23",
       "eslint>ajv": "^6.14.0",
       "external-editor>tmp": "^0.2.4",