chore(DF-859): migrate eslint to v9 flat config and fix vulnerabilites

[mokhld]

Proposed change

Jira ticket:

Type of change

• Bug fix
• New feature
• Breaking change
• Misc. (documentation, build updates, etc)

Checklist

• You have executed this code locally and it performs as expected.
• You have added tests to verify your code works.
• You have added code comments and JSDoc, where appropriate.
• There is no commented-out code.
• You have added developer docs in README.md and docs/* (where appropriate, e.g. new features).
• The tests are passing (npm run test).
• The linting checks are passing (npm run lint).
• The code has been formatted (npm run format).

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[mokhld]

The minimatch vulnerability (<=3.1.3, high severity, ReDoS) comes from serve-handler@6.1.6 pinning minimatch@3.0.4, which is a transitive dependency of @docusaurus/core. There’s an open PR to fix this upstream (vercel/serve-handler#228). A blanket override breaks Jest’s coverage instrumentation (test-exclude expects CJS minimatch), so we’ve used a scoped override targeting only serve-handler’s minimatch to 3.1.5 (the latest safe 3.x patch) which resolves all three CVEs without impacting tests.

[jbarnsley10]

LGTM