
fix(deps): ensure tar override works for npm installs #41040

Open
jamietanna wants to merge 1 commit into main from fix/tar

@jamietanna
Contributor

Changes

It appears that the override we specified for tar only takes effect
when Renovate is built via pnpm.

However, if users install via npm install, npm doesn't
(rightfully) understand the pnpm.overrides.

This is a follow-up to #40766.

Context

Please select one of the below:

  • This closes an existing Issue: Closes #
  • This doesn't close an Issue, but I accept the risk that this PR may be closed if maintainers disagree with its opening or implementation

AI assistance disclosure

Did you use AI tools to create any part of this pull request?

Please select one option and, if yes, briefly describe how AI was used (e.g., code, tests, docs) and which tool(s) you used.

  • No — I did not use AI for this contribution.
  • Yes — minimal assistance (e.g., IDE autocomplete, small code completions, grammar fixes).
  • Yes — substantive assistance (AI generated non‑trivial portions of code, tests, or documentation).
  • Yes — other (please describe):

Documentation (please check one with an [x])

  • I have updated the documentation, or
  • No documentation update is required

How I've tested my work (please select one)

I have verified these changes via:

  • Code inspection only, or
  • Newly added/modified unit tests, or
  • No unit tests but ran on a real repository, or
  • Both unit tests + ran on a real repository

The public repository:

It appears that the override we specified for `tar` only takes effect
when Renovate is built via `pnpm`.

However, if users install via `npm install`, npm doesn't
(rightfully) understand the `pnpm.overrides`.

This is a follow-up to ce12e9f.
@github-actions github-actions bot requested a review from viceice February 9, 2026 14:24
Comment on lines +401 to +402
"overrides": {
"tar": "7.5.7"
Contributor Author

I think this will mean it's always that version, so we'll need to make sure to update this once yarnpkg/core is updated to use a new version? yarnpkg/berry#7039

Member

I'm not sure if we really should do this 🤔

Contributor Author

Thoughts on alternatives? Or do we think there's not a good option for folks installing via npm?
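
A check for the gap the description points at, where a pin under `pnpm.overrides` has no matching entry in npm's top-level `overrides`. This is an added example, not code from the pull request or from Renovate; the sample manifest, the `findOverrideDrift` function and its status names are constructed for illustration.

```javascript
// Constructed sample manifest (not the project's real package.json).
const sampleManifest = {
  name: 'example-app',
  pnpm: {
    overrides: { tar: '7.5.7', 'left-pad': '1.3.0', 'foo>bar': '2.0.0' },
  },
  overrides: { tar: '7.5.6' },
};

// Returns one finding for every pnpm override that an npm install of the
// same manifest would not apply identically.
function findOverrideDrift(manifest) {
  const pnpmOverrides = (manifest.pnpm && manifest.pnpm.overrides) || {};
  const npmOverrides = manifest.overrides || {};
  const findings = [];

  for (const [selector, wanted] of Object.entries(pnpmOverrides)) {
    // pnpm selectors like "parent>child" or "pkg@<range" have no flat npm
    // key (npm expresses them as nested objects), so a human must compare.
    // A leading "@" is a scope, not a version range, hence "> 0".
    if (selector.includes('>') || selector.lastIndexOf('@') > 0) {
      findings.push({ selector, status: 'manual-review', pnpm: wanted });
      continue;
    }
    const actual = npmOverrides[selector];
    if (actual === undefined) {
      findings.push({ selector, status: 'missing-in-npm', pnpm: wanted });
    } else if (typeof actual !== 'string') {
      // Nested npm override object: not directly comparable to a version.
      findings.push({ selector, status: 'manual-review', pnpm: wanted });
    } else if (actual !== wanted) {
      findings.push({ selector, status: 'mismatch', pnpm: wanted, npm: actual });
    }
  }
  return findings;
}

// Print the findings for the sample; a CI job would fail on a non-empty list.
for (const finding of findOverrideDrift(sampleManifest)) {
  console.log(JSON.stringify(finding));
}
```

To run it against a real project, pass the parsed contents of that project's `package.json` instead of `sampleManifest`.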
