fix(security): pin serialize-javascript to >=7.0.5 via npm overrides [APS-18800]

Fixes GHSA-5c6j-r48x-rmvq (RCE) and GHSA-qj8w-gfj5-8c6v (DoS) in the
transitive serialize-javascript dependency pulled in by mocha. Uses npm's
native `overrides` field — no third-party workarounds needed.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: karanshah-browserstack