fix: resolve security vulnerabilities in cipher-base, sha.js, and glob

- Add yarn resolutions for cipher-base (^1.0.5) to fix CVE-2025-9287
- Add yarn resolutions for sha.js (^2.4.12) to fix CVE-2025-9288
- Pin glob to 7.2.3 via yarn resolutions to prevent CVE-2025-64756
- Downgrade rimraf from 6.1.2 to 3.0.2 for compatibility with glob 7.x

Closes https://github.com/getditto/react-ditto/security/dependabot/179
Closes https://github.com/getditto/react-ditto/security/dependabot/180
Closes https://github.com/getditto/react-ditto/security/dependabot/191

Author: pvditto

package.json

@@ -40,7 +40,10 @@
     "react-dom": ">=16.0.0"
   },
   "resolutions": {
-    "tar-fs": "3.1.1"
+    "tar-fs": "3.1.1",
+    "cipher-base": "^1.0.5",
+    "sha.js": "^2.4.12",
+    "glob": "^7.2.3"
   },
   "devDependencies": {
     "@dittolive/ditto": "^4.0.0",
@@ -82,7 +85,7 @@
     "react": "^18.0.0",
     "react-dom": "^18.0.0",
     "react-test-renderer": "^18.0.0",
-    "rimraf": "^6.0.1",
+    "rimraf": "^3.0.2",
     "sinon": "^17.0.1",
     "sinon-chai": "^3.7.0",
     "typedoc": "^0.25.13",