fix(security): use npm-force-resolutions to avoid lockfileVersion upgrade

Switch from npm overrides (npm 7+) to npm-force-resolutions so the
package-lock.json stays at lockfileVersion 1, matching master.

- Replace overrides block with resolutions block in package.json
- Add npm-force-resolutions devDependency and preinstall script
- Regenerate package-lock.json with npm 6 (lockfileVersion 1 preserved)
- serialize-javascript is still pinned to 7.0.3 (fixes GHSA-5c6j-r48x-rmvq)

Author: karanshah-browserstack