Commit f4b11d3
fix: override transitive uuid to ^9 to keep Node 14/16/18/20 working

thrift@0.23.0 (the CVE-patched thrift required by GHSA-r67j-r569-jrwp
and GHSA-526f-jxpj-jmg2) declared `uuid: ^13.0.0`. uuid@13 is
ESM-only ("type": "module") with no engines.node restriction, but
thrift's compact_protocol.js does require('uuid'), which fails on
Node < 22.12 with ERR_REQUIRE_ESM.

The failure cascades through the test harness:

- mocha 10.x tries import() first, falls back to require() on
  ERR_UNKNOWN_FILE_EXTENSION
- ts-node compiles the test, which transitively requires thrift
- thrift requires uuid, which fails with ERR_REQUIRE_ESM
- mocha catches it as 'cannot use import statement outside a
  module', re-throws the original ERR_UNKNOWN_FILE_EXTENSION

End-user impact would have been identical: anyone using the driver
on Node 14/16/18/20 would crash with ERR_REQUIRE_ESM on first
thrift use.

Fix: pin transitive uuid to ^9.0.0 (CommonJS-compatible) via
package.json overrides. uuid@9 is what the driver already uses
directly. The public uuid API used by thrift (v4 generation) is
identical across v9 and v13.

Lockfile regenerated from scratch with npm 10 to ensure the
override is applied to fresh resolution. The format was also upgraded
from lockfileVersion 2 to 3; only the legacy `dependencies`
mirror block was dropped, no semantic changes. package-lock.json
is not in the published tarball (see .npmignore), so end users are
unaffected.
Co-authored-by: Isaac
Signed-off-by: Vikrant Puppala <vikrant.puppala@databricks.com>

1 parent 47c6711
2 files changed
Lines changed: 1169 additions & 6626 deletions