Commit 163d3c3
Refine OSV release scan gating (#1505)
* ci: refine OSV release scan gating
Allow manual release tag scans and fail only when High or Critical vulnerabilities are present.
Add a GitHub Actions summary table for release tag OSV findings so detected advisories are easier to inspect from the workflow UI.
Validation: npm run lint:ci; node --check .github/scripts/fail-on-osv-high-or-critical.mjs; git diff --check.
* ci: type OSV release scan script
Convert the release tag OSV gating script to TypeScript and add explicit types for OSV findings, severity parsing, and Actions summary output.
Update the workflow to run the script through Node strip-types.
Validation: npm run lint:ci; npx tsc --noEmit --ignoreConfig --allowJs false --module NodeNext --moduleResolution NodeNext --target ES2024 --types node .github/scripts/fail-on-osv-high-or-critical.ts; node --experimental-strip-types --check .github/scripts/fail-on-osv-high-or-critical.ts; sample Low/Critical JSON checks.
* ci: escape markdown backslashes in OSV summary
Escape backslashes before table separators when writing OSV findings to the GitHub Actions step summary.
This addresses CodeQL js/incomplete-sanitization for the Markdown cell escaping helper.
Validation: npm run lint:ci; npx tsc --noEmit --ignoreConfig --allowJs false --module NodeNext --moduleResolution NodeNext --target ES2024 --types node .github/scripts/fail-on-osv-high-or-critical.ts; node --experimental-strip-types --check .github/scripts/fail-on-osv-high-or-critical.ts; sample Low/Critical JSON checks.
1 parent abdc4f0, commit 163d3c3
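The gating and cell-escaping behaviour the commit message describes, as an added TypeScript example that is not the repository's own fail-on-osv-high-or-critical.ts script. The osv-scanner JSON field names used (results, packages, vulnerabilities, groups[].max_severity, database_specific.severity) and the sample report with placeholder ids are assumptions, not taken from the page.

```typescript
// Added illustration, not the repository's fail-on-osv-high-or-critical script. Assumes
// osv-scanner's JSON layout (results[].packages[].vulnerabilities[], groups[].max_severity).
type Rating = "LOW" | "MEDIUM" | "HIGH" | "CRITICAL" | "UNKNOWN";
interface OsvVuln { id: string; summary?: string; database_specific?: { severity?: string } }
interface OsvPackage {
  package: { name: string; version: string; ecosystem: string };
  vulnerabilities: OsvVuln[];
  groups?: { ids: string[]; max_severity?: string }[];
}
interface OsvReport { results: { packages: OsvPackage[] }[] }
interface Finding { id: string; pkg: string; version: string; rating: Rating; summary: string }
// Numeric CVSS score (0-10) wins; otherwise the database's text label; otherwise UNKNOWN.
function parseRating(score?: string, label?: string): Rating {
  const n = score ? Number(score) : NaN;
  if (Number.isFinite(n)) return n >= 9 ? "CRITICAL" : n >= 7 ? "HIGH" : n >= 4 ? "MEDIUM" : "LOW";
  const l = (label ?? "").toUpperCase();
  return ["LOW", "MEDIUM", "HIGH", "CRITICAL"].includes(l) ? (l as Rating) : "UNKNOWN";
}

function collectFindings(report: OsvReport): Finding[] {
  const out: Finding[] = [];
  for (const r of report.results) for (const p of r.packages) for (const v of p.vulnerabilities) {
    const group = p.groups?.find(g => g.ids.includes(v.id));
    out.push({ id: v.id, pkg: p.package.name, version: p.package.version, summary: v.summary ?? "",
      rating: parseRating(group?.max_severity, v.database_specific?.severity) });
  }
  return out;
}

// The gate: Low/Medium/Unknown findings are listed in the summary but do not fail the release.
const shouldFail = (f: Finding[]): boolean => f.some(x => x.rating === "HIGH" || x.rating === "CRITICAL");

// Escape one Markdown table cell. Backslashes are escaped first and globally, so a value that
// already contains "\" cannot neutralise the "\|" written for pipes afterwards.
function escapeMarkdownCell(text: string): string {
  return text.replace(/\\/g, "\\\\").replace(/\|/g, "\\|").replace(/\r?\n/g, " ");
}

function summaryTable(findings: Finding[]): string {
  const rows = findings.map(f =>
    `| ${[f.id, f.pkg, f.version, f.rating, f.summary].map(escapeMarkdownCell).join(" | ")} |`);
  return ["| ID | Package | Version | Severity | Summary |", "| --- | --- | --- | --- | --- |", ...rows].join("\n");
}

// Constructed sample report with placeholder ids, not real scanner output.
const SAMPLE_REPORT: OsvReport = { results: [{ packages: [{
  package: { name: "example-pkg", version: "1.0.0", ecosystem: "npm" },
  vulnerabilities: [
    { id: "GHSA-EXAMPLE-1", summary: "cell with | and \\ chars", database_specific: { severity: "HIGH" } },
    { id: "GHSA-EXAMPLE-2", summary: "minor issue", database_specific: { severity: "LOW" } }],
  groups: [{ ids: ["GHSA-EXAMPLE-1"], max_severity: "7.4" }, { ids: ["GHSA-EXAMPLE-2"], max_severity: "3.1" }],
}] }] };
```

Writing `summaryTable(collectFindings(report))` to the file named by `GITHUB_STEP_SUMMARY` and exiting non-zero when `shouldFail` returns true gives the workflow behaviour the message describes.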
2 files changed
Lines changed: 519 additions & 35 deletions