fix(ci): skip devDependencies in security audit

Transitive vulnerabilities (seroval, diff, file-type) come from
TUI framework devDependencies that are not shipped to production.
These cannot be fixed without upstream patches.

Author: Tarquinen

.github/workflows/pr-checks.yml

@@ -32,5 +32,5 @@ jobs:
               run: npm run build
 
             - name: Security audit
-              run: npm audit --audit-level=high
+              run: npm audit --omit=dev --audit-level=high
               continue-on-error: false