feat: update zod to 3.25 and explicitly import zod/v3

[apaleslimghost]

in #998 i'm going need to update to Zod v4, because how Zod v3 handles defaults doesn't let me detect if the default is being used so i can print a deprecation warning.

starting with Zod v3.25, Zod v3 and v4 are exported as subpaths. this means we can update to Zod v4 without a breaking change by doing the following:

1. update to Zod v3.25 and import zod/v3 👈🏻 you are here
2. switch to importing zod/v4, and make any changes to the schemas necessary with v4

core/cli doesn't rely on plugins using any particular version of Zod; it's just doing safeParse, which is compatible between v3 and v4. this PR also updates to zod-validation-error v3.5 which is also compatible with both versions of Zod.

this PR also adds regression tests for (almost all) schemas (didn't bother doing them for deprecated plugins like heroku and nodemon. we're not testing every possible combination of invalid inputs etc, just higher-level behaviour like defaults and object passthrough that may behave differently in Zod v4.

edit: a Zod 4.x package hasn't been published yet; the update route for Zod v4 is to update to 3.25 and import zod/v4

edit 2: Zod 4.x has now been published; updating dependencies to that can be done as a followup step

[ivomurrell]

issue: i don't think zod needs to be a peer dependency of each plugin – what's the benefit of moving it from a dependency?

suggestion: I also don't think it needs to be a peer dependency of core/cli either; the same rationale I gave here should still apply.

question: has the new zod version been tested to be compatible? i know it initially included some changes that were not semver-compatible (like dropping CJS support) due to the infrastructure overhaul and not sure what the current state is.

[apaleslimghost]

discussed with @ivomurrell offline:

• i'm going to switch back to a non-peer dependency on Zod. updating to 4.x in a plugin (later) won't be a breaking change for that plugin; it will need to update its peer dependency on dotcom-tool-kit to require a minimum version of one that supports plugins with v4 schemas
• we'll need to eventually import both zod-validation-error/v3 and zod-validation-error/v4, detect which version a Zod error is from, and format it using the right version. this is the only hard requirement in core/cli on plugins having a schema from a particular version of Zod.
• Zod 3.25 is compatible; this is covered by our schema tests and the fact this PR builds

[apaleslimghost]

tests are currently failing because we're not stripping ANSI in the Zod error message; i'll need to cherry pick part of ce3fd72 from #679 into here