Commit 44828c4

B4nan and claude authored
fix: resolve axios and brace-expansion security vulnerabilities (#2238)

## Summary

- Update `axios` to 1.13.5 (fixes [GHSA-43fc-jf86-j433](GHSA-43fc-jf86-j433) - DoS via `__proto__` key in mergeConfig)
- Update `@isaacs/brace-expansion` to 5.0.1 (fixes [GHSA-7h2j-956f-4vf2](GHSA-7h2j-956f-4vf2) - uncontrolled resource consumption)
- Lockfile-only change via `npm audit fix`, no `package.json` modifications

The `fast-xml-parser` alert (#142) was dismissed as tolerable risk - it's a transitive dep used for XML sample generation by `openapi-sampler`, and the Apify API is JSON-only.

## Test plan

- [ ] Verify CI passes (lockfile-only change, no functional impact)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

1 parent 484cfc8 commit 44828c4

1 file changed (+84, -70 lines changed)

package-lock.json

Lines changed: 84 additions & 70 deletions
Some generated files are not rendered by default.