deps: fix 7 Dependabot alerts (flatted, devalue, cookie, svelte)

- Override flatted 3.3.3→3.4.2 (HIGH: unbounded recursion DoS)
- Override devalue 5.6.3→5.6.4 (MEDIUM: prototype pollution, LOW: __proto__)
- Override cookie 0.6.0→1.1.1 (LOW: out-of-bounds chars)
- Bump svelte 5.53.3→5.53.13 (MEDIUM: 2x SSR XSS fixes)
- @sveltejs/kit experimental form DoS (LOW) — no override available, not exploitable (feature is experimental and unused)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: ccross2

package-lock.json

@@ -25,11 +25,16 @@
     "prettier": "^3.4.0",
     "prettier-plugin-svelte": "^3.3.0",
     "satori": "^0.19.2",
-    "svelte": "^5.45.2",
+    "svelte": "^5.53.13",
     "svelte-check": "^4.4.4",
     "vite": "^7.3.1"
   },
   "dependencies": {
     "geist": "^1.7.0"
+  },
+  "overrides": {
+    "flatted": "^3.4.2",
+    "devalue": "^5.6.4",
+    "cookie": "^1.1.1"
   }
 }