Fix security alerts in dev dependencies

[lancewillett]

Summary

• Refresh package-lock.json for vulnerable transitive npm dev dependencies: basic-ftp, form-data, and simple-git.
• Refresh composer.lock for the phpunit/phpunit security advisory, updating PHPUnit to 9.6.34 and its related dev-only packages.

Validation

• npm ci
• npm run build
• npm run check-types
• npm run format:check
• npm run lint:js
• npm run lint:css
• npm run test:js
• composer phpcs
• composer psalm
• composer test
• npm audit --audit-level=critical
• composer audit --locked
• git diff --check

Notes

npm audit --audit-level=critical and composer audit --locked now pass. The remaining npm high/medium/low findings are in the broader WordPress tooling tree and need a separate owner-reviewed package update.

[github-actions]

Test this PR in [WordPress Playground](https://playground.wordpress.net/#{"landingPage":"/wp-admin/admin.php?page=remote-data-blocks-settings","features":{"networking":true},"login":true,"preferredVersions":{"php":"8.2","wp":"latest"},"steps":[{"step":"setSiteOptions","options":{"blogname":"Remote Data Blocks PR#730","blogdescription":"Explore the Remote Data Blocks plugin in a WordPress Playground"}},{"step":"installPlugin","pluginZipFile":{"resource":"url","url":"https://github.com/Automattic/remote-data-blocks/releases/download/ci-artifacts/pr-730-51e25d67a4b5739039712d9abed016a3bdee250d.zip"},"options":{"activate":true,"targetFolderName":"remote-data-blocks"}}]}).