Fix 4 Dependabot security alerts in qvac-lib-registry-server

[yuranich]

What problem does this PR solve?

Resolves 4 open Dependabot security alerts (#12, #15, #17, #22) in packages/qvac-lib-registry-server:

Alert	Package	Severity	Issue
#15	fast-xml-parser	critical	Entity encoding bypass via regex injection in DOCTYPE
#12	fast-xml-parser	high	DoS through entity expansion in DOCTYPE
#22	minimatch	high	ReDoS via repeated wildcards
#17	ajv	medium	ReDoS with $data option

How does it solve it?

• @aws-sdk/client-s3 bumped from ^3.864.0 to ^3.998.0 — transitive dep @aws-sdk/xml-builder@3.972.7 now pins fast-xml-parser@5.3.6 (patched)
• npm overrides added for minimatch (>=3.1.3) and ajv (6.14.0) — both are transitive deps of standard@17.1.2 → eslint@8.57.1 where no newer direct version exists

npm audit reports 0 vulnerabilities after the change. Lint and unit tests pass.

Breaking changes

None.

[yuranich]

/review

[github-actions]

Tier-based Approval Status

**PR Tier:** TIER1

**Current Status:** ✅ APPROVED

**Requirements:**
- 1 Team Member approval ✅ (1/1)
- 1 Team Lead OR Management approval ✅ (1/1)



---
*This comment is automatically updated when reviews change.*