Commit 9d24074
fix: resolve Node.js audit CI failures (#274)
## Summary
- Add missing `.nvmrc` file (Node 22) required by the reusable `node-audit.yml` workflow, which defaults `node-version-file` to `.nvmrc`
- Fix 3 npm audit findings (2 high, 1 moderate) via `npm audit fix`:
  - **lodash** <=4.17.23: Code Injection via `_.template` (GHSA-r5fr-rjxr-66jc) and Prototype Pollution via `_.unset`/`_.omit` (GHSA-f23m-r3pf-42rh)
  - **path-to-regexp** <0.1.13: ReDoS via multiple route parameters (GHSA-37ch-88jc-xwx2)
  - **ajv** <6.14.0: ReDoS when using `$data` option (GHSA-2g4f-4pwh-qvx6)
## Root cause
The Security workflow calls
`netresearch/.github/.github/workflows/node-audit.yml` which defaults
`node-version-file` to `.nvmrc`. Since the repo had no `.nvmrc`,
`actions/setup-node` failed before npm audit ever ran. Even if
setup-node had succeeded, the audit would have failed on the lodash and
path-to-regexp high-severity findings.
## Test plan
- [ ] Verify Node.js Audit CI check passes (`.nvmrc` found, `npm audit` clean)
- [ ] Verify CI workflow still passes (no breaking dependency changes)

2 files changed
Lines changed: 16 additions & 13 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
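Review bot: the rendered hunk shows a single added line at line 1 of the new `.nvmrc` but not its content, and the second changed file (the remaining 15 additions and 13 deletions of the 16/13 total) is not rendered at all, so neither the pinned Node version nor the resolved lodash, path-to-regexp and ajv versions can be verified from this page. Before merging, confirm the `.nvmrc` line is the Node 22 version the summary names, and check the lockfile diff to confirm each package now resolves outside the affected ranges the summary quotes (`<=4.17.23`, `<0.1.13`, `<6.14.0`); `npm audit fix` can leave a finding in place when the fix would be a semver-major bump, and the test plan's "npm audit clean" box is the only evidence offered here.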
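The two failure stages the commit message describes (setup-node aborting on a missing `.nvmrc`, then `npm audit` rejecting the high-severity findings), as an added example that is not code from this commit, the repository, or the netresearch `node-audit.yml` workflow: a small Node.js script that models the `--audit-level` pass/fail decision over a constructed report in the shape of `npm audit --json` (`auditReportVersion` 2, an assumption about the format) populated with the three findings the summary lists, plus a `.nvmrc` reader that approximates, rather than reproduces, how the setup step treats a missing or empty file. The function names (`findingsAtOrAbove`, `auditGate`, `nodeVersionFromNvmrc`, `simulateCi`) are mine.

```javascript
// Added example, not code from commit 9d24074 or the node-audit.yml workflow.
// Models the CI ordering the commit message describes: setup-node needs a
// version from .nvmrc before npm audit ever runs, and npm audit then fails
// on findings at or above --audit-level.

// npm's severity ordering used by --audit-level.
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Constructed sample report. Assumption: it follows the v2 JSON audit report
// shape (auditReportVersion, vulnerabilities keyed by package, metadata).
// Package names, ranges, severities and advisory ids come from the commit summary.
const ADVISORY = (id) => `https://github.com/advisories/${id}`;
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    lodash: {
      name: "lodash", severity: "high", isDirect: false, range: "<=4.17.23", fixAvailable: true,
      via: [
        { title: "Code Injection via _.template", severity: "high", url: ADVISORY("GHSA-r5fr-rjxr-66jc") },
        { title: "Prototype Pollution via _.unset/_.omit", severity: "high", url: ADVISORY("GHSA-f23m-r3pf-42rh") },
      ],
    },
    "path-to-regexp": {
      name: "path-to-regexp", severity: "high", isDirect: false, range: "<0.1.13", fixAvailable: true,
      via: [{ title: "ReDoS via multiple route parameters", severity: "high", url: ADVISORY("GHSA-37ch-88jc-xwx2") }],
    },
    ajv: {
      name: "ajv", severity: "moderate", isDirect: false, range: "<6.14.0", fixAvailable: true,
      via: [{ title: "ReDoS when using $data option", severity: "moderate", url: ADVISORY("GHSA-2g4f-4pwh-qvx6") }],
    },
  },
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 1, high: 2, critical: 0, total: 3 } },
};

// Constructed "after npm audit fix" report: no remaining findings.
const cleanReport = {
  auditReportVersion: 2,
  vulnerabilities: {},
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 0, high: 0, critical: 0, total: 0 } },
};

// Return the findings whose severity is at or above `level`, the set that
// makes `npm audit --audit-level=<level>` exit non-zero.
function findingsAtOrAbove(report, level) {
  const threshold = SEVERITY_RANK[level];
  if (threshold === undefined) throw new Error(`unknown audit level: ${level}`);
  return Object.values(report.vulnerabilities || {})
    .filter((v) => (SEVERITY_RANK[v.severity] ?? -1) >= threshold)
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      range: v.range,
      // `via` mixes advisory objects and bare package-name strings; keep only advisory URLs.
      advisories: (v.via || []).filter((x) => typeof x === "object").map((x) => x.url),
    }));
}

// Pass/fail decision for the audit step. npm's default audit level is "low".
function auditGate(report, level = "low") {
  const failing = findingsAtOrAbove(report, level);
  return { ok: failing.length === 0, failing };
}

// Approximation (assumption, not setup-node's own logic): the first non-empty,
// non-comment line of .nvmrc is the requested version; a missing or blank file
// yields null, which is the "fails before npm audit ever ran" case.
function nodeVersionFromNvmrc(content) {
  if (content == null) return null;
  const line = content
    .split(/\r?\n/)
    .map((l) => l.trim())
    .find((l) => l && !l.startsWith("#"));
  return line || null;
}

// Run the two stages in the order the workflow does and report where it stopped.
function simulateCi({ nvmrc, report, level = "low" }) {
  const node = nodeVersionFromNvmrc(nvmrc);
  if (!node) return { stage: "setup-node", ok: false, reason: ".nvmrc missing or empty" };
  const gate = auditGate(report, level);
  if (!gate.ok) return { stage: "npm-audit", ok: false, node, failing: gate.failing };
  return { stage: "done", ok: true, node, failing: [] };
}
```

Calling `simulateCi({ nvmrc: null, report: sampleReport })` stops at `setup-node`, which is the state the repository was in before this commit; with `nvmrc: "22"` the run reaches the audit step and fails on lodash and path-to-regexp at `level: "high"` (ajv only trips the gate at `moderate` or below), and only the clean report gets to `done`. The `??` fallback treats an unknown severity as below every threshold, so a report with an unexpected value is not silently counted as passing at `critical` while failing at `low`; adjust if you would rather fail closed.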