chore: upgrade to pnpm v11 and enhance security settings

[panz3r]

This PR focuses on updating package management tooling and enhancing security policies for dependency updates.
The main changes include upgrading the pnpm package manager version, improving platform compatibility for native dependencies, and introducing stricter security controls for dependency updates.

Dependency management and compatibility:

• Upgraded the pnpm package manager version from 10.27.0 to 11.7.0 in package.json for improved features and bug fixes.
• Added explicit libc constraints (either glibc or musl) to various native sharp and sharp-libvips dependencies in pnpm-lock.yaml, improving compatibility and reliability across different Linux distributions and architectures.

Security and update policies:

• Introduced new security and update policies in pnpm-workspace.yaml, including:
  • Disabling builds for esbuild to prevent unwanted binary builds.
  • Enforcing a minimum release age of 24 hours for dependency updates to mitigate supply chain attacks.
  • Blocking updates to packages with exotic (unusual or non-registry) dependencies.
  • Preventing updates if a package’s trust level has decreased compared to previous releases.