chore: update all dependencies, resolve CVE-2026-27903, reconfigure Dependabot to monthly

[Copilot]

All npm dependencies were out of date and several carried high-severity advisories, including CVE-2026-27903 (minimatch ReDoS). Dependabot was also running weekly when monthly is preferred.

Dependency updates

• Ran npm update to advance all packages to their latest in-range versions
• Added overrides in package.json for vulnerabilities npm update cannot reach on its own:

Override	Resolves
"@typescript-eslint/typescript-estree": { "minimatch": "^9.0.7" }	CVE-2026-27903 + two related ReDoS advisories — prettier-eslint pins its transitive @typescript-eslint/typescript-estree@6.21.0 to exact minimatch@9.0.3
"@actions/artifact": "^6.2.0"	GHSA-g9mf-h72j-4rw9 (undici resource exhaustion) via @actions/http-client@^4.0.0 → undici@^6.23.0
"@actions/github": "^9.0.0"	Same undici chain rooted in @actions/github@6.0.1

npm audit reports 0 vulnerabilities after these changes.

Dependabot

Changed interval from weekly → monthly for both the npm and github-actions ecosystems in .github/dependabot.yml.

Super-linter: respect .gitignore

Added IGNORE_GITIGNORED_FILES: true to both .github/workflows/linter.yml and the local Docker run command in .github/copilot-instructions.md. This prevents false positives (e.g. CSS/HTML errors from the gitignored coverage/ directory) in both CI and local agent runs.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.