Platform to build admin panels, internal tools, and dashboards. Integrates with 25+ databases and any API.
fix: upgrade simple-git to 3.32.3 to resolve critical CVE-2026-28292 (#41613)
## Summary

- Bump `simple-git` from `^3.27.0` to `^3.32.3` (resolves to `3.33.0`) in `app/client/packages/rts/package.json`
- Resolves [Dependabot alert #523](https://github.com/appsmithorg/appsmith/security/dependabot/523) — **CVE-2026-28292** (CVSS 9.8, critical RCE)

## Details

The `blockUnsafeOperationsPlugin` in `simple-git` uses a case-sensitive regex to block `-c protocol.allow=always` arguments. Git treats config keys case-insensitively, so uppercase variants like `PROTOCOL.ALLOW=always` bypass the check entirely, enabling arbitrary command execution via the `ext::` protocol. Version `3.32.3` adds the `/i` flag to the regex, closing the bypass.

No breaking API changes exist between 3.27.0 and 3.33.0 — the APIs used by Appsmith (`simpleGit()`, `ResetMode`, `git.reset()`, `git.clean()`) are unchanged.

Fixes https://linear.app/appsmith/issue/APP-15006/critical-vulnerability-simple-git-has-blockunsafeoperationsplugin

## Automation

/ok-to-test tags="@tag.All"

### :mag: Cypress test results

> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/22991205090>
> Commit: ed8489938daf710740fa3701ae49353c78d7c842
> <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=22991205090&attempt=1" target="_blank">Cypress dashboard</a>.
> Tags: `@tag.All`
> Spec:
> Thu, 12 Mar 2026 08:56:46 UTC

## Communication

Should the DevRel and Marketing teams inform users about this change?

- [ ] Yes
- [ ] No

---

> [!NOTE]
> **Low Risk**
> Low-risk dependency bump intended to patch a security issue; main risk is subtle behavior changes in `simple-git` affecting `gitService` reset/clean operations.
>
> **Overview**
> Upgrades the `appsmith-rts` dependency on `simple-git` from `^3.27.0` to `^3.32.3` (resolving to `3.33.0`) to address the critical RCE vulnerability **CVE-2026-28292**.
>
> Updates `yarn.lock` accordingly, including `simple-git`’s transitive dependency bump to `debug@^4.4.0`; no application code changes beyond the dependency version update.
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit ed8489938daf710740fa3701ae49353c78d7c842. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

## Summary by CodeRabbit

* **Chores**
  * Updated internal dependencies to incorporate latest improvements and stability enhancements.
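As an added illustration of the bug class described under Details (this is not simple-git's own code and not part of this commit): a toy `-c key=value` filter with the case-sensitive pattern beside the case-insensitive fix, run over constructed git argument lists. The pattern text and the sample argument lists are assumptions; the real plugin's regex is not reproduced here.

```javascript
// Added illustration, not simple-git's own code: a toy `-c key=value` filter
// with the case-sensitive pattern beside the case-insensitive fix.
// The pattern text and the sample argument lists below are assumptions.

// Constructed git argument lists; `unsafe` says whether a correct filter must block them.
const SAMPLES = [
  { args: ['-c', 'protocol.allow=always', 'clone', 'some-url'], unsafe: true },
  { args: ['-c', 'PROTOCOL.ALLOW=always', 'clone', 'some-url'], unsafe: true },
  { args: ['-c', 'Protocol.Allow=always', 'clone', 'some-url'], unsafe: true },
  { args: ['-c', 'core.autocrlf=true', 'status'], unsafe: false },
  { args: ['status'], unsafe: false },
];

// Vulnerable shape: matches only the all-lowercase spelling of the key.
const CASE_SENSITIVE = /^protocol\.allow=always$/;
// Hardened shape: the same pattern with the /i flag, so any key spelling matches.
const CASE_INSENSITIVE = /^protocol\.allow=always$/i;

// True when args carry a `-c <key>=<value>` pair whose value matches pattern.
function containsUnsafeConfig(args, pattern) {
  for (let i = 0; i < args.length - 1; i++) {
    if (args[i] === '-c' && pattern.test(args[i + 1])) return true;
  }
  return false;
}

// The unsafe samples that slip past a given pattern (empty means none slip).
function missedBy(pattern) {
  return SAMPLES
    .filter(s => s.unsafe && !containsUnsafeConfig(s.args, pattern))
    .map(s => s.args[1]);
}

// True when the pattern blocks exactly the unsafe samples and nothing else.
function blocksExactlyUnsafe(pattern) {
  return SAMPLES.every(s => containsUnsafeConfig(s.args, pattern) === s.unsafe);
}

console.log('missed by case-sensitive pattern:', missedBy(CASE_SENSITIVE));
console.log('missed by case-insensitive pattern:', missedBy(CASE_INSENSITIVE));
```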
subratadeypappu committed
94925626697c2084c3b8e7c76973be340ff61922
Parent: 18c7cd3
Committed by GitHub <noreply@github.com>
on 3/12/2026, 12:05:30 PM