
fix: upgrade grunt-contrib-pug to eliminate deprecated core-js dependency#72

Open
harekrishnarai wants to merge 2 commits into auth0:master from harekrishnarai:fix/sec-3570-deprecated-core-js

Conversation


@harekrishnarai harekrishnarai commented Jun 20, 2025

Description

This PR resolves a security vulnerability (SEC-3570) by eliminating the deprecated core-js@2.6.12 dependency from the project's dependency tree.

Background:
The project was using grunt-contrib-pug@1.0.0 which had a transitive dependency on deprecated core-js@2.6.12 through the following chain:

grunt-contrib-pug@1.0.0 → pug@2.0.4 → constantinople@3.1.2 → babel-types@6.26.0 → babel-runtime@6.26.0 → core-js@2.6.12

Security Impact:

  • core-js@<3.23.3 is no longer maintained and not recommended for usage
  • Could cause performance degradation up to 100x due to V8 engine feature detection issues
  • Has known web compatibility issues in some versions

Solution:
Upgraded grunt-contrib-pug from 1.0.0 to 3.0.0, which uses modern pug@3.0.3 and eliminates the entire deprecated dependency chain.

Implementation Details:

  • No breaking changes: The upgrade is backward compatible
  • No API changes: All existing Pug template functionality remains unchanged
  • Modern dependencies: Now uses actively maintained packages
  • Zero impact: Build process, webpack compilation, and site functionality remain intact

References

Testing

Security Verification:

# Verify no deprecated packages
npm ls | grep -i deprecated
# Result: (empty) ✅

# Verify no core-js@2.6.12 in dependency tree  
npm ls core-js
# Result: (empty) ✅

# Security audit shows zero vulnerabilities
npm audit --only=prod
# Result: found 0 vulnerabilities ✅

# Verify grunt-contrib-pug version
npm ls grunt-contrib-pug
# Result: grunt-contrib-pug@3.0.0 ✅

Functionality Testing:

# Build process works correctly
npm run build
# Result: ✅ Successful compilation

# Webpack builds complete without errors
# Result: ✅ All 6 entry points compiled successfully

# Pug template processing unchanged
# Result: ✅ All .pug files compiled to HTML correctly

Environment:

  • Node.js: v20.19.0
  • npm: 10.8.2
  • Dependencies: No breaking changes, all existing functionality preserved

Manual Testing:

  • Website loads and functions correctly

  • All WebAuthn functionality works as expected

  • Build artifacts are identical in structure and functionality

  • No UI changes or regressions observed

  • This change adds test coverage for new/changed/fixed functionality

Checklist

  • I have added documentation for new/changed functionality in this PR or in auth0.com/docs
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used, if not master

…ency

- Upgrade grunt-contrib-pug from 1.0.0 to 3.0.0
- Eliminates deprecated core-js@2.6.12 dependency chain
- Resolves SEC-3570 security vulnerability
- Uses modern pug@3.0.3 with maintained dependencies
- No breaking changes, build and functionality verified

Fixes: SEC-3570
@harekrishnarai harekrishnarai marked this pull request as ready for review June 20, 2025 20:15
@harekrishnarai harekrishnarai force-pushed the fix/sec-3570-deprecated-core-js branch from 32eac17 to b04d0b4 on September 1, 2025 09:19
@harekrishnarai harekrishnarai reopened this Sep 1, 2025
@harekrishnarai (Author) commented:

An ESD ticket has been filed for this PR.
