fix(deps): consolidate dependency security fixes

- Upgrade http-server from ^0.12.3 to ^14.1.1 (v14 drops ecstatic)
- Remove ecstatic devDependency (no longer needed)
- Add yarn resolutions for transitive vulnerabilities:
  brace-expansion, convict, follow-redirects, handlebars, js-yaml,
  liquidjs, lodash, minimatch, picomatch, qs, sha.js

Supersedes #4028, #4093, #4094, #4102, #4120, #4121, #4122.
yarn audit: 0 vulnerabilities.

Author: kemister85

package.json

@@ -30,16 +30,28 @@
     "delay": "2500ms",
     "ext": "*"
   },
+  "resolutions": {
+    "brace-expansion": ">=1.1.13",
+    "convict": ">=6.2.5",
+    "follow-redirects": ">=1.16.0",
+    "handlebars": ">=4.7.9",
+    "js-yaml": ">=4.1.1",
+    "liquidjs": ">=10.25.5",
+    "lodash": ">=4.18.1",
+    "minimatch": ">=3.1.4",
+    "picomatch": ">=2.3.2",
+    "qs": ">=6.14.2",
+    "sha.js": ">=2.4.12"
+  },
   "devDependencies": {
     "@antora/cli": "^3.1.10",
     "@antora/site-generator-default": "^3.1.10",
     "@tinymce/antora-extension-livedemos": "^0.1.0",
     "@tinymce/moxiedoc": "^0.3.0",
     "dom-to-semantic-markdown": "^1.5.0",
     "dotenv": "^16.5.0",
-    "ecstatic": "^4.1.4",
     "gpt-tokenizer": "^3.4.0",
-    "http-server": "^0.12.3",
+    "http-server": "^14.1.1",
     "jsdom": "^24.1.0",
     "nodemon": "^3.1.10",
     "npm-run-all": "^4.1.5"