fix(deps): fix handlebars critical security vulnerability

[olivierbagot]

Summary

• Upgrades @sap/cds-dk from 9.4.3 → 9.9.0, which pulls in @sap/hdi-deploy@5.6.1
• Adds overrides: { "handlebars": "4.7.9" } as a safety net to force the patched version across the entire dependency tree
• Resolves all handlebars CVEs flagged by Dependabot alert #69

Vulnerabilities fixed:

• GHSA-2w6w-674q-4c4q — JavaScript Injection via AST Type Confusion (critical, CVSS 9.8)
• GHSA-3mfm-83xf-c92r — JavaScript Injection via @partial-block (high, CVSS 8.1)
• GHSA-xhpv-hc6g-r9c6 — JavaScript Injection via dynamic partial (high, CVSS 8.1)
• GHSA-9cx6-37pm-9jff — DoS via malformed decorator syntax (high, CVSS 7.5)
• Several moderate/low severity issues

Test plan

• npm ls handlebars shows 4.7.9 for all entries
• npm audit reports no handlebars vulnerabilities
• Backend tests pass: npm run test
• Frontend tests pass: cd app/driver-vue && npm run test

[github-actions]

Package	Line Rate	Branch Rate	Complexity	Health
src	92%	67%	0	✔
src.components.badges	100%	100%	0	✔
src.components.dashboard.cards	100%	98%	0	✔
src.components.dashboard.layout	100%	100%	0	✔
src.components.layout	100%	56%	0	✔
src.components.sessions	100%	92%	0	✔
src.components.shared	90%	91%	0	✔
src.components.stations.detail	99%	90%	0	✔
src.components.stations.filter	90%	87%	0	✔
src.components.stations.list	97%	75%	0	✔
src.components.stations.map	93%	90%	0	✔
src.components.stations.shared	100%	96%	0	✔
src.composables	99%	95%	0	✔
src.composables.errors	100%	100%	0	✔
src.directives	97%	92%	0	✔
src.i18n	28%	100%	0	❌
src.pages	96%	80%	0	✔
src.router	92%	100%	0	✔
src.services	100%	100%	0	✔
src.store	96%	94%	0	✔
src.store.badges	91%	91%	0	✔
src.store.evse	87%	96%	0	✔
src.store.sessions	90%	96%	0	✔
src.store.utils	100%	100%	0	✔
src.utils.odata	92%	94%	0	✔
Summary	94% (4908 / 5221)	90% (1101 / 1218)	0	✔

[github-actions]

Package	Line Rate	Branch Rate	Complexity	Health
srv	96%	98%	0	✔
srv.utils	98%	96%	0	✔
Summary	97% (289 / 297)	97% (148 / 153)	0	✔