Fix eslint 10 upgrade: resolve peer dependency conflicts and remove vulnerable unused deps #47

Merged
eriksw merged 4 commits into dependabot/npm_and_yarn/eslint-10.0.2 from copilot/sub-pr-46 on Mar 3, 2026

Copilot AI commented Mar 3, 2026

eslint-plugin-import@2.32.0 only declares peer support up to eslint ^9, causing npm ci to fail with ERESOLVE on all jobs. ESLint 10 also no longer bundles @eslint/eslintrc or @eslint/js.

Dependency changes

  • Removed eslint-plugin-import, eslint-import-resolver-typescript, @eslint/compat — all import/ rules in the config were already disabled, so these provided no value
  • Added @eslint/eslintrc ^3.3.4 and @eslint/js ^10.0.1 explicitly — required by eslint.config.mjs but no longer bundled by ESLint 10
  • Removed prettier-eslint — unused devDependency pulling in @typescript-eslint/typescript-estree@6-7.x → minimatch@9.0.0–9.0.6 (4 high CVEs)
  • Upgraded @typescript-eslint/eslint-plugin + @typescript-eslint/parser → ^8.56.1, rollup → ^4.59.0

Override changes

  • Removed @typescript-eslint/typescript-estree: {minimatch: "^9.0.7"} — that package now requires minimatch@^10.2.2 directly; override was stale and producing invalid warnings
  • Kept @actions/artifact: "^6.2.0" and @actions/github: "^9.0.0" — confirmed security-necessary: removing them allows @github/local-action to pull in undici < 6.23.0 (GHSA-g9mf-h72j-4rw9, 5 moderate CVEs)

Config changes

Removed from eslint.config.mjs:

-import { fixupPluginRules } from '@eslint/compat'
-import _import from 'eslint-plugin-import'
 ...
-    plugins: {
-      import: fixupPluginRules(_import),
-    },
-    settings: {
-      'import/resolver': { typescript: { alwaysTryTypes: true, project: 'tsconfig.json' } }
-    },
     rules: {
-      'import/no-namespace': 'off',
     }
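
Review bot: with the import entry gone from plugins, any import/ rule key that survives in the part of eslint.config.mjs elided by "..." will stop the config from loading, because flat config rejects rule keys whose plugin is not registered. The hunk only shows 'import/no-namespace': 'off' being removed, so it is worth searching the config and the source tree for the string import/ in the same commit; inline eslint-disable comments that name import/ rules will otherwise be reported as rule definitions that cannot be found. It would also help to note in the description whether the legacy configs loaded through @eslint/eslintrc were checked for the same references.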

Workflow changes

  • Removed branches: [main] filter from the pull_request: trigger in all 5 workflow files (ci.yml, check-dist.yml, linter.yml, codeql-analysis.yml, signal-test.yml) — workflows now run on PRs targeting any base branch; push: triggers remain scoped to main
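
A check that could run in CI to confirm the kept overrides still hold, as an added example that is not part of this PR or the repository: it walks the packages map of a package-lock.json (lockfileVersion 2/3 layout) and reports every installed copy of undici below 6.23.0 or minimatch in 9.0.0–9.0.6, the ranges named in the description. The sample lockfile, the function names and the minimatch-helper package are constructed for illustration.

```javascript
// sampleLock is constructed for illustration; it is not the repository's real lockfile.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-action' },
    'node_modules/undici': { version: '6.23.0' },
    'node_modules/@github/local-action/node_modules/undici': { version: '5.28.4' },
    'node_modules/minimatch': { version: '10.2.2' },
    'node_modules/prettier-eslint/node_modules/minimatch': { version: '9.0.3' },
    'node_modules/minimatch-helper': { version: '1.0.0' }, // hypothetical name: must not match
  },
};

// Parse "major.minor.patch"; prerelease and build suffixes are ignored.
function parseVersion(s) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(s));
  return m ? m.slice(1).map(Number) : null;
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Ranges taken from the PR text: undici < 6.23.0 and minimatch 9.0.0 through 9.0.6.
const RULES = [
  { name: 'undici', why: 'undici < 6.23.0', bad: (v) => cmp(v, [6, 23, 0]) < 0 },
  { name: 'minimatch', why: 'minimatch 9.0.0-9.0.6',
    bad: (v) => cmp(v, [9, 0, 0]) >= 0 && cmp(v, [9, 0, 6]) <= 0 },
];

// Walk every installed copy, including nested ones that an override was meant to dedupe.
function findViolations(lock) {
  const out = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.includes('node_modules/')) continue; // root or workspace entry
    const name = path.split('node_modules/').pop();
    const rule = RULES.find((r) => r.name === name);
    if (!rule) continue;
    const v = parseVersion(meta.version);
    // A missing or unparseable version is reported too (fail closed).
    if (v === null || rule.bad(v)) out.push({ path, version: meta.version ?? null, why: rule.why });
  }
  return out;
}

for (const hit of findViolations(sampleLock)) console.log(`${hit.path}@${hit.version}: ${hit.why}`);
```

In CI, pass JSON.parse(fs.readFileSync('package-lock.json', 'utf8')) instead of sampleLock and exit non-zero when the returned list is non-empty.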


Copilot AI and others added 2 commits March 3, 2026 22:16
Co-authored-by: eriksw <24530198+eriksw@users.noreply.github.com>
…o audit alerts

Co-authored-by: eriksw <24530198+eriksw@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Bump eslint from 9.39.3 to 10.0.2" to "Fix eslint 10 upgrade: resolve peer dependency conflicts and remove vulnerable unused deps" Mar 3, 2026

eriksw commented Mar 3, 2026

@copilot It is not possible to verify the correctness of this sub-pr because the workflows are configured to only run on PRs with the main base branch. Reconfigure PR workflows to run whatever the base branch is.

…tacked PRs

Co-authored-by: eriksw <24530198+eriksw@users.noreply.github.com>

Copilot AI commented Mar 3, 2026

@copilot It is not possible to verify the correctness of this sub-pr because the workflows are configured to only run on PRs with the main base branch. Reconfigure PR workflows to ru...

Done in d7f54d5. Removed the branches: [main] filter from the pull_request: trigger in all 5 workflow files (ci.yml, check-dist.yml, linter.yml, codeql-analysis.yml, signal-test.yml). The push: triggers remain scoped to main so pushes to feature branches don't trigger unnecessary runs.

@eriksw eriksw marked this pull request as ready for review March 3, 2026 22:28
@eriksw eriksw merged commit 5a447e3 into dependabot/npm_and_yarn/eslint-10.0.2 Mar 3, 2026
28 checks passed
@eriksw eriksw deleted the copilot/sub-pr-46 branch March 3, 2026 22:29