[js] Enable npmMinimalAgeGate for supply chain security (#25688)

## Summary

- Upgrade Yarn 4.5.0 → 4.13.0 (feature introduced in 4.10.0)
- Enable `npmMinimalAgeGate: 720` (12 hours) to block resolution of
recently-published npm packages, mitigating typosquatting, account
takeover, and dependency confusion attacks
- Preapprove `@lightsparkdev/*` packages via `npmPreapprovedPackages` so
internal workspace dependencies are unaffected

Mirrors lightsparkdev/spark#5955 for the webdev JS monorepo.

## Test plan

- [x] `yarn config get npmMinimalAgeGate` returns `720`
- [x] `yarn config get npmPreapprovedPackages` returns
`["@lightsparkdev/*"]`
- [x] `yarn install` succeeds with all current lockfile packages (all
>12h old)
- [x] `yarn --version` returns `4.13.0`
- [x] Pre-commit hooks pass (install + format)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
GitOrigin-RevId: ab033a03d7899b8c962e396f9e175b3f08f2fded

Author: 2 people

.yarn/releases/yarn-4.13.0.cjs

@@ -4,4 +4,9 @@ enableGlobalCache: false
 
 nodeLinker: node-modules
 
-yarnPath: .yarn/releases/yarn-4.5.0.cjs
+npmMinimalAgeGate: 720
+
+npmPreapprovedPackages:
+  - "@lightsparkdev/*"
+
+yarnPath: .yarn/releases/yarn-4.13.0.cjs

.yarn/releases/yarn-4.5.0.cjs

@@ -71,5 +71,5 @@
   "engines": {
     "node": ">=18"
   },
-  "packageManager": "yarn@4.5.0"
+  "packageManager": "yarn@4.13.0"
 }