
fix: resolve npm vulns and unbreak nix dev shell #112

Open

tembleking wants to merge 1 commit into master from fix-vulns


Conversation

@tembleking

Member

fast-uri and tmp had high-severity path traversal advisories; npm update + npm audit fix clears both (found 0 vulnerabilities).

The nixpkgs bump in just update dropped the nodePackages set, breaking the dev shell. Moved typescript-language-server and eslint to top-level pkgs so it builds again.

Also rolls in the routine just update bumps: cli-scanner 1.26 -> 1.27, pinned action SHAs (pinact), and flake.lock.

114/114 tests pass, dist/ regenerated.

fast-uri and tmp had high-severity path traversal advisories; npm update
+ audit fix clears both. nixpkgs bump dropped the nodePackages set, so
typescript-language-server and eslint move to top-level pkgs to keep the
dev shell buildable. Includes routine just-update bumps (cli-scanner 1.27,
pinned action SHAs, flake.lock).
@tembleking tembleking requested a review from a team as a code owner June 9, 2026 12:36

@mateobur mateobur left a comment


Approving. Reviewed the version bump, the regenerated dist/, the nix change, and the dependency churn.

  • cli-scanner 1.26.0 to 1.27.0 is consistent across src/infrastructure/sysdig/SysdigCliScannerConstants.ts, dist/index.js, action.yml, and the README. The only residual 1.26.0 strings are in tests/fixtures/vm/sarif-test.json, which is an unrelated commons-compress CVE fix version.
  • dist/index.js matches src: the only first-party change is the version constant, and the rest of the churn is a genuine ncc rebuild tracking the undici 7.25.0 to 7.29.7 bump.
  • The flake.nix dev shell fix is correct: typescript-language-server and eslint move to top-level buildInputs with no leftover nodePackages.* references, and flake.lock updates consistently.
  • All dependency bumps are minor or patch, package.json untouched. The four pinned action SHAs are real 40-char pins matching their version comments.
  • CI all green, which backs the 114/114 tests and 0 vulnerabilities claim.

Thanks!
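The review above checked by hand that every action SHA is a real 40-character pin matching its version comment. The script below is an added example (not code from this PR or from the project) of doing that shape check automatically over workflow text. The workflow snippet, action names and SHAs are constructed for illustration; it verifies form only (hex length and presence of a version comment) and does not confirm that the SHA really is the commit behind the tag, which needs a lookup against the remote (e.g. git ls-remote) that is out of scope here.

```python
import re

# Constructed sample workflow (not from the PR): two properly pinned steps,
# one step pinned only to a mutable tag, and one SHA pin with no version comment.
SAMPLE_WORKFLOW = """\
jobs:
  scan:
    steps:
      - uses: example-org/checkout@0a1b2c3d4e5f60718293a4b5c6d7e8f901234567 # v4.2.2
      - uses: example-org/setup-node@9f8e7d6c5b4a39281706f5e4d3c2b1a098765432 # v4.1.0
      - uses: example-org/some-action@v1
      - uses: example-org/other-action@0123456789abcdef0123456789abcdef01234567
"""

# Matches a `uses: owner/repo@ref  # comment` line; local actions without an
# `@` (./.github/actions/...) are deliberately not matched.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*(?P<action>[^@\s]+)@(?P<ref>\S+)"
    r"(?:\s*#\s*(?P<comment>.*))?\s*$"
)
# GitHub commit SHAs are 40 lowercase hex characters.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Accepts comments such as "v4", "v4.2.2" or "1.27.0".
VERSION_RE = re.compile(r"^v?\d+(\.\d+)*$")


def check_pins(workflow_text):
    """Return a list of (action, ref, verdict) tuples, one per `uses:` line.

    Verdicts: "ok" for a 40-hex SHA with a version comment; "unpinned" when
    the ref is a tag or branch; "no-version-comment" when the SHA has
    nothing to review it against.
    """
    findings = []
    for line in workflow_text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.group("action"), m.group("ref")
        comment = (m.group("comment") or "").strip()
        if not SHA_RE.match(ref):
            verdict = "unpinned"
        elif not VERSION_RE.match(comment):
            verdict = "no-version-comment"
        else:
            verdict = "ok"
        findings.append((action, ref, verdict))
    return findings


def failing_actions(workflow_text):
    """Names of actions that would fail review under the pin policy."""
    return [a for a, _, v in check_pins(workflow_text) if v != "ok"]


if __name__ == "__main__":
    for action, ref, verdict in check_pins(SAMPLE_WORKFLOW):
        print(f"{verdict:20} {action}@{ref}")
```

Run it over each file under .github/workflows to get a per-step verdict; anything other than "ok" is the line a reviewer should look at before approving a pin bump.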
