fix(security): upgrade tar to 7.5.3 for GHSA-8qq5-rm4j-mr97 (#298)

Adds npm override to force tar@7.5.3 across all dependencies to fix
path sanitization vulnerability (CVE-2026-23745). Also adds third-party
license notice for Blue Oak Model License 1.0.0.

Author: Artmann

README.md

@@ -119,6 +119,12 @@ Once enabled, snapshots are automatically created when you execute notebooks. Yo
 
 Want to contribute? Check out our [Contributing guide](CONTRIBUTING.md) for detailed setup instructions.
 
+## Third-party licenses
+
+This project includes the following third-party packages with notable licenses:
+
+- **tar** - Licensed under the [Blue Oak Model License 1.0.0](https://blueoakcouncil.org/license/1.0.0)
+
 ---
 
 <div align="center">