ci: add weekly non-blocking pnpm audit (#4766)

Visibility-only audit workflow on a Monday-morning cron. Runs
pnpm audit --audit-level=high with continue-on-error so it surfaces
new advisories in the Actions tab without gating PR merges. Findings
are typically in upstream dev tooling (lerna, nx, commitizen,
vitepress) that we use deliberately and can't fix at the leaf.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>