fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873)#2586

Merged
epoberezkin merged 3 commits into master from KsAkira10-fix/cve-2025-69873-redos-attack
Feb 14, 2026

Conversation

@epoberezkin (Member) commented Feb 14, 2026

No description provided.

@epoberezkin epoberezkin merged commit 720a23f into master Feb 14, 2026
4 checks passed
@epoberezkin epoberezkin deleted the KsAkira10-fix/cve-2025-69873-redos-attack branch February 14, 2026 00:27
vadyvas pushed a commit to Redocly/ajv that referenced this pull request Feb 27, 2026
…gate ReDoS attacks (CVE-2025-69873) (ajv-validator#2586)

* fix(pattern): address CVE-2025-69873 by implementing safeguards against ReDoS attacks in pattern validation

* remove console.log

* remove Node.js 16 CI build

---------

Co-authored-by: Lucas Akira Uehara <80917717@telefonicati.onmicrosoft.com>
man8 added a commit to man8/assetmill that referenced this pull request Apr 15, 2026
## Summary

Upgrades `ajv` from 8.17.1 → **8.18.0** (minor release) to resolve a high-severity **Regular Expression Denial of Service (ReDoS)** finding ([CVE-2025-69873](ajv-validator/ajv#2586)) in ajv's `pattern` keyword with `$data`.

Linear: [MAN8-7228](https://linear.app/man8/issue/MAN8-7228/assetmill-upgrade-ajv-to-8180-snyk-redos)
Snyk project: https://app.snyk.io/org/man8/project/06db0e24-92a7-4385-93f2-4d01ae449811

## Caller impact

Two call sites:

- `src/config/json-schema.ts` — compiles the assetmill config schema via Ajv
- `src/config/loader.ts` — validates loaded YAML configs

ajv 8.18.0 is fully backward-compatible with 8.17.x; no code changes required.

## Test coverage

Existing tests cover both compile and validate paths:

- `src/__tests__/config.test.ts`
- `src/__tests__/config-error-handling.test.ts`

No new tests required for a minor-release patch.

## Verification

- `npm run ci` green locally — build + 73 tests pass + lint clean

Supersedes dependabot #40 (same upgrade, cleaner ticket-linked commit history).

## Test plan

- [x] `npm run ci` passes locally
- [x] GitHub Actions CI passes
- [x] Snyk re-scan shows the ajv ReDoS finding resolved

🤖 Generated with [Claude Code](https://claude.com/claude-code)