[AZ-501] [AZ-502] Cycle 2 Step 14 security audit + inline fixes

Security audit (5 phases) → reports under _docs/05_security/.

AZ-501 (F-SAST-1, HIGH): Externalize hardcoded Google Geocode key
from mission-planner/src/config.ts to VITE_GOOGLE_GEOCODE_KEY via
new GeocodeService.ts; fail-soft warn when unset; STC-SEC1D static
deny-list gate; +5 unit tests in tests/mission_planner_geocode.test.ts.

AZ-502 (F-DEP-1, HIGH): Force vite>=6.4.2 and postcss>=8.5.10 via
package.json overrides in both roots; clean reinstall clears all
bun audit advisories.

Test-spec sync (Step 12) + Update Docs (Step 13) deltas: AC-43, AC-44,
NFT-SEC-09b, FT-P-61, FT-N-17, ripple log, batch_12 report.

Pending user actions: revoke Google + OWM keys (AC-6 / AZ-499 AC-7).

229 PASS / 13 SKIP / 0 FAIL on static + fast suites.

Co-authored-by: Cursor <cursoragent@cursor.com>

package.json

@@ -33,6 +33,10 @@
     "react-leaflet-draw": "^0.21.0",
     "react-router-dom": "^7.4.0"
   },
+  "overrides": {
+    "vite": ">=6.4.2",
+    "postcss": ">=8.5.10"
+  },
   "devDependencies": {
     "@playwright/test": "^1.49.0",
     "@tailwindcss/vite": "^4.1.1",
@@ -51,7 +55,7 @@
     "msw": "^2.7.0",
     "tailwindcss": "^4.1.1",
     "typescript": "~5.7.2",
-    "vite": "^6.2.0",
-    "vitest": "^3.0.0"
+    "vite": "^6.4.2",
+    "vitest": "^3.2.4"
   }
 }