
Conversation

@RinZ27

@RinZ27 RinZ27 commented Feb 8, 2026

Updating dependencies and hardening components to improve overall security.

I've implemented the following changes:

  • Patched orjson to address CVE-2025-67221. I noticed the project was using version 3.10.15, which is vulnerable to recursion-based DoS. Bumping it to >=3.11.5 mitigates this risk.
  • Refactored transformPastedHTML in message-input.tsx to use DOMParser instead of innerHTML. This provides a more secure way to strip HTML and prevents potential Self-XSS when pasting content.
  • Updated Dockerfile to use a non-root user. Running the application as appuser follows container security best practices and limits the attack surface.

These modifications ensure the project aligns with modern security standards while maintaining existing functionality. Verified the changes locally with uv sync.
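As an added illustration of the defence-in-depth point behind the orjson bump (this is example code, not code from the pull request or the project), the guard below bounds JSON nesting depth before any recursive parser sees the bytes, so a pathological document is rejected in one linear pass regardless of which parser version is installed. It assumes untrusted request bodies are parsed with orjson (falling back to the standard library when orjson is absent) and that a limit of 32 levels is an acceptable policy for the schemas the application accepts.

```python
"""Bound JSON nesting depth before handing bytes to a recursive parser.

Added example, not code from the pull request. Assumes the application
parses untrusted bodies with orjson; the standard-library json module
is used only as a fallback so the example runs where orjson is absent.
"""
import json

try:
    import orjson
except ImportError:  # constructed fallback so the example runs anywhere
    orjson = None

MAX_DEPTH = 32  # assumed policy limit; tune to the schemas you actually accept


class NestingTooDeep(ValueError):
    """Raised before parsing when the document nests deeper than the limit."""


def json_nesting_depth(data: bytes, limit: int = MAX_DEPTH) -> int:
    """Return the maximum bracket nesting depth of a JSON document.

    Scans the raw bytes once, ignoring brackets inside string literals
    (including escaped quotes within them). Raises NestingTooDeep as soon
    as the limit is exceeded, so hostile input costs O(n) and is never parsed.
    """
    depth = max_depth = 0
    in_string = escaped = False
    for byte in data:
        if in_string:
            if escaped:
                escaped = False
            elif byte == 0x5C:  # backslash starts an escape sequence
                escaped = True
            elif byte == 0x22:  # unescaped quote closes the string
                in_string = False
        elif byte == 0x22:
            in_string = True
        elif byte in (0x5B, 0x7B):  # '[' or '{' opens a level
            depth += 1
            if depth > limit:
                raise NestingTooDeep(f"nesting depth exceeds {limit}")
            max_depth = max(max_depth, depth)
        elif byte in (0x5D, 0x7D):  # ']' or '}' closes a level
            depth -= 1
    return max_depth


def safe_loads(data: bytes, limit: int = MAX_DEPTH):
    """Parse untrusted JSON only after the depth guard has accepted it."""
    json_nesting_depth(data, limit)
    if orjson is not None:
        return orjson.loads(data)
    return json.loads(data.decode("utf-8"))
```

Malformed input that the scanner lets through (unbalanced brackets, bad escapes) is still rejected by the parser itself; the guard only adds the depth bound.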

@CLAassistant

CLAassistant commented Feb 8, 2026

CLA assistant check
All committers have signed the CLA.

@RinZ27 RinZ27 changed the title from "security: patch orjson DoS vulnerability and harden frontend/container" to "security: patch orjson DoS and harden frontend/container security" on Feb 8, 2026
@RinZ27 RinZ27 force-pushed the fix/security-hardening-updates branch from 77bdd30 to 3aa7818 on February 8, 2026 at 10:11