Commit 130170e
fix(deps): upgrade vite 5.4 -> 8.0 to clear 2 moderate Dependabot alerts

Resolves the two moderate-severity advisories Dependabot reports against
the ui/ project on the default branch:

- GHSA-67mh-4wv8-2f99 (esbuild dev server CORS, CWE-346, CVSS 5.3) —
  transitive via vite 5.x's pinned esbuild 0.21.5.
- GHSA-4w7w-66w2-5vf9 (Vite path traversal in optimized deps `.map`
  handling, CWE-22/CWE-200) — affects vite ≤ 6.4.1.

Both share the same fix path (vite ≥ 8.0.8). Vite 8 also drops esbuild
in favour of rolldown, so the esbuild advisory is structurally gone
rather than just patched.

Verified locally: `npm install` clean, `npx vite --version` reports
8.0.8, `npm audit` reports 0 vulnerabilities, and vite.config.mjs
(defineConfig with resolve.preserveSymlinks + server.proxy /api → 4077)
parses unchanged under the new version. Node engine requirement
(^20.19.0 || >=22.12.0) is satisfied by the existing toolchain.

https://claude.ai/code/session_014ME3ph3UecQQAPQDKY2HPf1

parent 3531522 commit 130170e
2 files changed
Lines changed: 554 additions & 677 deletions
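Added example (not part of the commit or the project's code): a lockfile gate that checks the end state the commit message describes, every resolved vite at or above 8.0.8 and no esbuild left in the tree. The function names and the sample lockfile fragments are constructed for illustration; treating any esbuild entry as a failure is an assumption taken from the message's statement that Vite 8 drops esbuild.

```javascript
// Added example, not the project's code. Thresholds are taken from the commit
// message: every resolved vite >= 8.0.8, and no esbuild left in the tree.
const MIN_VITE = [8, 0, 8];

// Strict "major.minor.patch" only; prerelease or build-tagged versions
// return false so the gate fails closed on anything it cannot compare.
function atLeast(version, min) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(version));
  if (!m) return false;
  const parts = m.slice(1).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== min[i]) return parts[i] > min[i];
  }
  return true;
}

// Walk the `packages` map of an npm lockfile (lockfileVersion 2 or 3).
// Keys are install paths such as "node_modules/vite/node_modules/esbuild",
// so nested copies are caught as well as hoisted ones.
function checkLock(lock) {
  const found = { vite: [], esbuild: [] };
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    if (Object.hasOwn(found, name)) found[name].push({ path, version: meta.version });
  }
  const problems = [];
  if (found.vite.length === 0) problems.push("vite not found in lockfile");
  for (const e of found.vite) {
    if (!atLeast(e.version, MIN_VITE)) problems.push(`${e.path}@${e.version} is below 8.0.8`);
  }
  for (const e of found.esbuild) problems.push(`${e.path}@${e.version}: esbuild still resolved`);
  return { ok: problems.length === 0, problems };
}

// Constructed lockfile fragments (not the repository's real package-lock.json).
const BEFORE = { lockfileVersion: 3, packages: {
  "": { name: "ui" },
  "node_modules/vite": { version: "5.4.0" },           // constructed 5.4.x version
  "node_modules/vite/node_modules/esbuild": { version: "0.21.5" },
} };
const AFTER = { lockfileVersion: 3, packages: {
  "": { name: "ui" },
  "node_modules/vite": { version: "8.0.8" },
} };

console.log("before:", checkLock(BEFORE));
console.log("after: ", checkLock(AFTER));
```

If another dependency legitimately brings in a patched esbuild, replace the blanket esbuild rule with a minimum-version check taken from the advisory.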