Commit a92164a
fix(runtimes): replace registry-js with native reg query to remove vu… (#737)
Remove registry-js dependency to eliminate transitive `ansi-regex@2.1.1`
vulnerability (CVE-2021-3807). Replace with direct calls to Windows `reg
query` command, which reads the same registry values without requiring a
native addon or its heavy dependency tree.
## Problem
`registry-js@1.16.1` depends on `prebuild-install@^5.3.5` → `npmlog` →
`gauge` → `strip-ansi` → `ansi-regex@2.1.1` (CVE-2021-3807, CVSS 7.5).
The existing `prebuild-install` override in the root `package.json` only
works locally — npm overrides do not propagate to downstream consumers.
`registry-js` has not been updated in 2+ years.
This was previously fixed in v0.3.10 (PR #719) but re-introduced in
v0.3.12.
## Solution
Replace `registry-js` with the built-in Windows `reg query` command via
`child_process.spawnSync`. This reads the same registry values
(`ProxyEnable`, `ProxyServer`, `ProxyOverride`) without any external
dependencies.
Changes:
- `runtimes/runtimes/util/standalone/getProxySettings/getWindowsProxySettings.ts` — replaced `registry-js` import with native `spawnSync('reg', ...)` calls
- `runtimes/package.json` — removed `registry-js` from dependencies
- `package-lock.json` — regenerated (removed 30 packages)
Testing:
- `npm run compile` ✅
- `npm run test` — 33/33 passing ✅
- `npm run check:formatting` ✅
- `npm list registry-js` — empty ✅
- No `ansi-regex@2.x` in dependency tree ✅
- CI `test-windows` job will validate the `reg query` approach on actual
Windows
## License
By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

1 parent 134d721 commit a92164a
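The `reg query` approach described in the Solution section, written out as an added example; this is not the code from this PR, and the key path, the output-parsing regex, the helper names and the sample output are assumptions of this example.

```typescript
import { spawnSync } from "child_process";

// Per-user WinINET proxy settings key (assumed; the PR does not show its path).
const INTERNET_SETTINGS_KEY =
  "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings";
// Constructed sample of `reg query <key> /v ProxyServer` output, for offline use.
const SAMPLE_SERVER_OUTPUT =
  "\r\nHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\r\n    ProxyServer    REG_SZ    proxy.example:8080\r\n\r\n";

interface WindowsProxySettings {
  proxyEnable: boolean;
  proxyServer?: string;
  proxyOverride?: string;
}

// Pull the data column for `name` out of `reg query <key> /v <name>` output.
// A matching line looks like: "    ProxyServer    REG_SZ    proxy.example:8080"
function parseRegValue(output: string, name: string): string | undefined {
  const escaped = name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  const pattern = new RegExp(`^${escaped}\\s+(REG_\\w+)\\s*(.*)$`);
  for (const rawLine of output.split(/\r?\n/)) {
    const m = rawLine.trim().match(pattern);
    if (m) return m[2].trim();
  }
  return undefined; // value not present in this output
}

// Build the settings object from the three raw outputs. REG_DWORD data is
// printed as hex ("0x1"), which Number() parses directly.
function proxySettingsFromOutputs(enableOut: string, serverOut: string, overrideOut: string): WindowsProxySettings {
  const enable = parseRegValue(enableOut, "ProxyEnable");
  return {
    proxyEnable: enable !== undefined && Number(enable) === 1,
    proxyServer: parseRegValue(serverOut, "ProxyServer"),
    proxyOverride: parseRegValue(overrideOut, "ProxyOverride"),
  };
}

// Run `reg query` for one value. Arguments go as an array, so nothing passes
// through cmd.exe. Returns "" when the value is absent or we are not on Windows.
function queryRegValue(name: string): string {
  const args = ["query", INTERNET_SETTINGS_KEY, "/v", name];
  const res = spawnSync("reg", args, { encoding: "utf8", windowsHide: true });
  return res.error || res.status !== 0 ? "" : res.stdout;
}

function getWindowsProxySettings(): WindowsProxySettings {
  return proxySettingsFromOutputs(
    queryRegValue("ProxyEnable"), queryRegValue("ProxyServer"), queryRegValue("ProxyOverride"));
}
```

On a non-Windows host `queryRegValue` returns "" for every value, so `getWindowsProxySettings()` yields `proxyEnable: false` with the other fields undefined rather than throwing.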
3 files changed, +36 −367 lines (under `runtimes/util/standalone/getProxySettings` and `runtimes`)