chore: enable blockExoticSubdeps for security

Blocks transitive deps using file:/git: protocols at install time.
Audited the lockfile and all package.json files: zero non-link
exotic protocols in the graph, so this is a no-op for resolution
today and provides defense-in-depth against future supply-chain
attacks via compromised transitive deps.

https://pnpm.io/settings#blockexoticsubdeps

https://claude.ai/code/session_01G759MUqmjsPh9k1qDxbdjG

Author: claude

pnpm-workspace.yaml

@@ -19,3 +19,4 @@ publicHoistPattern:
   - "*prisma*"
 preferWorkspacePackages: true
 sideEffectsCache: false
+blockExoticSubdeps: true