Fix critical vulnerabilities from daily dependency scan (#21402)
* Fix CVE-2026-33937: resolve handlebars to 4.7.9

  grpc_tools_node_protoc_ts pins handlebars 4.7.7 and has no fixed release. Use yarn resolutions to force 4.7.9 which patches the JavaScript injection via AST type confusion vulnerability.

  Co-authored-by: Ona <no-reply@ona.com>

* Fix protobufjs arbitrary code execution: bump to 7.5.5

  Lockfile-only change. Both @grpc/proto-loader (^7.2.5) and ts-proto (^7.2.4) already accept 7.5.5 via semver, so no package.json or resolution changes needed.

  Co-authored-by: Ona <no-reply@ona.com>

---------

Co-authored-by: Ona <no-reply@ona.com>
Gero Posmyk-Leinemann committed
3d124ef857ee2d8ae44e4b8e1e7687ab5da0870d
Parent: 0900b8d
Committed by GitHub <noreply@github.com>
on 4/17/2026, 7:42:56 AM
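
A check a reviewer could run after a change like this one, added here as an example and not part of the commit: it reads lockfile text and reports every resolved copy of handlebars or protobufjs below the versions named in the commit message. The Yarn v1 lockfile layout, the sample text and the function names are assumptions.

```javascript
// Added example (not code from the commit). Assumes a Yarn v1 style yarn.lock.
const MINIMUMS = { handlebars: "4.7.9", protobufjs: "7.5.5" }; // versions named in the commit message

// Constructed sample lockfile text, not the project's real yarn.lock.
const SAMPLE_LOCK = `
handlebars@4.7.7, handlebars@^4.7.7:
  version "4.7.9"

protobufjs@^7.2.4, protobufjs@^7.2.5:
  version "7.5.5"
`;

// Return [{ name, version }] for every entry in the lockfile text.
function parseLock(text) {
  const resolved = [];
  let names = null;
  for (const line of text.split(/\r?\n/)) {
    if (/^[^\s#].*:$/.test(line)) {
      // Entry header: comma-separated "name@range" specifiers, optionally quoted.
      names = new Set(line.slice(0, -1).split(",").map((s) => {
        const spec = s.trim().replace(/^"|"$/g, "");
        return spec.slice(0, spec.lastIndexOf("@")); // keeps the leading @ of scoped names
      }));
    } else if (names) {
      const m = /^\s+version "([^"]+)"/.exec(line);
      if (m) {
        for (const name of names) resolved.push({ name, version: m[1] });
        names = null;
      }
    }
  }
  return resolved;
}

// True when a < b for plain x.y.z versions; anything else is flagged (fail closed).
function lessThan(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  if (pa.length !== 3 || pa.concat(pb).some(Number.isNaN)) return true;
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i];
  return false;
}

// List every resolved copy of a watched package that is below its minimum.
function findViolations(lockText, minimums) {
  return parseLock(lockText)
    .filter(({ name }) => Object.hasOwn(minimums, name))
    .filter(({ name, version }) => lessThan(version, minimums[name]))
    .map(({ name, version }) => `${name}@${version} < ${minimums[name]}`);
}
```

Because a resolution rewrites the resolved version while the requested range stays in the entry header, the check compares the `version` field, not the specifier.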