deps: fix security alerts

Update vulnerable npm dependencies and lockfile overrides to clear Dependabot alerts for hono, uuid, file-type, and diff. Validated with audit, typecheck, tests, lint, and build.