ci: disable Yarn hardened mode for public PR installs (#549)

Yarn 4 auto-enables hardened mode on public PRs, blocking lockfile
updates from dependabot. Set YARN_ENABLE_HARDENED_MODE=0 on the
install step in all three jobs so CI can complete.

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: charlieforward9

.github/workflows/test.yml

@@ -39,6 +39,8 @@ jobs:
 
       - name: Install dependencies
         run: yarn
+        env:
+          YARN_ENABLE_HARDENED_MODE: 0
 
       - name: Lint
         run: yarn lint
@@ -77,6 +79,8 @@ jobs:
 
       - name: Install dependencies
         run: yarn
+        env:
+          YARN_ENABLE_HARDENED_MODE: 0
 
       - name: Build packages
         run: yarn build
@@ -231,6 +235,8 @@ jobs:
 
       - name: Install dependencies
         run: yarn
+        env:
+          YARN_ENABLE_HARDENED_MODE: 0
 
       - name: Build packages
         run: yarn build