[Aikido] Fix security issue in node-forge via minor version upgrade from 1.3.2 to 1.4.0 #509

Merged: willem-delbare merged 1 commit into main from fix/AIK-11288-AIK-15816-update-packages-54186067-vbum on Jun 23, 2026

Conversation

@aikido-autofix

Contributor

Upgrade node-forge to fix critical certificate chain validation bypass and medium-severity DoS, signature forgery, and Ed25519 malleability vulnerabilities.

⚠️ Breaking changes in this upgrade

All breaking changes by upgrading node-forge from version 1.3.2 to 1.4.0 (CHANGELOG)

| Version | Description |
| --- | --- |
| 1.4.0 | BigInteger.modInverse() now exits early with zero when the target object value is <= 0, instead of entering an infinite loop |
| 1.4.0 | RSA PKCS#1 v1.5 signature verification now rejects signatures that lack the required minimum of 8 bytes of padding |
| 1.4.0 | RSA signature verification now rejects forged signatures with extra fields in the ASN.1 DigestInfo structure (requires sequence length of two) |
| 1.4.0 | Ed25519 signature verification now rejects non-canonical signatures where scalar S >= L (group order) |
| 1.4.0 | pki.verifyCertificateChain() now rejects certificate chains where intermediate certificates lack basicConstraints extension |

✅ 4 CVEs resolved by this upgrade

This PR will resolve the following CVEs:

| Issue | Severity | Description |
| --- | --- | --- |
| CVE-2026-33896 | HIGH | [node-forge] A vulnerability in certificate chain verification fails to enforce basicConstraints requirements when intermediate certificates lack specific extensions, allowing leaf certificates to act as CAs and sign other certificates that are incorrectly validated as legitimate. |
| CVE-2026-33891 | MEDIUM | [node-forge] An infinite loop in the BigInteger.modInverse() function causes a Denial of Service when called with zero input, hanging the process and consuming 100% CPU due to an unreachable exit condition in the Extended Euclidean Algorithm. |
| CVE-2026-33894 | MEDIUM | [node-forge] RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3) due to improper ASN structure validation and insufficient padding checks. This allows attackers to forge signatures via Bleichenbacher-style attacks, enabling authentication bypass. |
| CVE-2026-33895 | MEDIUM | [node-forge] Ed25519 signature verification accepts forged non-canonical signatures with unreduced scalars, allowing signature malleability attacks that bypass authentication, authorization, and deduplication logic. This enables attackers to forge valid signatures that differ from canonical ones. |

🔗 Related Tasks

@willem-delbare willem-delbare merged commit 398f9aa into main Jun 23, 2026
19 checks passed
@willem-delbare willem-delbare deleted the fix/AIK-11288-AIK-15816-update-packages-54186067-vbum branch June 23, 2026 12:19
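
The Ed25519 rule listed in the breaking changes above (reject signatures whose scalar S >= L) can also be enforced as a gate in front of a verifier, for example in services that key deduplication on signature bytes. The following is an added example, not code from this PR or from node-forge; `checkEd25519ScalarCanonical`, `verifyStrict`, `makeSampleSignature` and the `verifyFn` callback are hypothetical names, and the sample signatures are constructed filler bytes.

```javascript
// Added example (not node-forge code). An Ed25519 signature is R (32 bytes) || S
// (32 bytes, little-endian). RFC 8032 requires 0 <= S < L, L being the group order.
const ED25519_L = (1n << 252n) + 27742317777372353535851937790883648493n;

// Decode a little-endian byte array into a BigInt.
function leBytesToBigInt(bytes) {
  let n = 0n;
  for (let i = bytes.length - 1; i >= 0; i--) n = (n << 8n) | BigInt(bytes[i]);
  return n;
}

// Encode a non-negative BigInt as `len` little-endian bytes (used for sample data).
function bigIntToLeBytes(n, len) {
  const out = new Uint8Array(len);
  for (let i = 0; i < len; i++, n >>= 8n) out[i] = Number(n & 0xffn);
  return out;
}

// Structural check only: length and canonical S. It does not verify the signature.
function checkEd25519ScalarCanonical(signature) {
  if (!(signature instanceof Uint8Array) || signature.length !== 64) {
    return { ok: false, reason: 'signature must be 64 bytes' };
  }
  const s = leBytesToBigInt(signature.subarray(32, 64));
  return s < ED25519_L
    ? { ok: true, reason: 'S < L' }
    : { ok: false, reason: 'non-canonical scalar: S >= L' };
}

// Gate in front of any verifier. `verifyFn(message, signature, publicKey)` is a
// hypothetical callback standing in for the library call the application uses.
function verifyStrict(verifyFn, message, signature, publicKey) {
  if (!checkEd25519ScalarCanonical(signature).ok) return false;
  return verifyFn(message, signature, publicKey) === true;
}

// Constructed sample: filler R bytes plus a chosen S. Not a real signature.
function makeSampleSignature(s) {
  const sig = new Uint8Array(64).fill(0x11, 0, 32);
  sig.set(bigIntToLeBytes(s, 32), 32);
  return sig;
}

// Demo with a stub verifier that accepts everything, to isolate the gate.
const acceptAll = () => true;
console.log(verifyStrict(acceptAll, 'msg', makeSampleSignature(ED25519_L - 1n), null));
console.log(verifyStrict(acceptAll, 'msg', makeSampleSignature(ED25519_L), null));
```
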