Fix: picomatch HIGH severity security vulnerabilities (#312)

Security audit detected 2 HIGH severity vulnerabilities in picomatch:
- ReDoS via extglob quantifiers (GHSA-c2c7-rcm5-vvqj)
- Method Injection in POSIX Character Classes (GHSA-3v7f-55p6-f55p)

Changes:
- Add npm overrides for picomatch@4.0.4 in root package.json
- Add picomatch@4.0.4 as devDependency in frontend package.json
- Update package-lock.json to reflect new dependency versions

Fixes #312

Author: Claude Code