chore(renovate): pin action to v40.3.0, fix inputs per spec

Add pnpm.overrides.elliptic to prevent version regression on
the transitive elliptic vulnerability (CVE-2025-14505).

Vulnerability path:
@kinvolk/headlamp-plugin → vite-plugin-node-polyfills →
node-stdlib-browser → crypto-browserify → browserify-sign → elliptic

Note: pnpm audit will still report the vulnerability until
upstream publishes elliptic 6.6.2+. This override safeguards
against pulling a worse version.

Co-authored-by: Chris Farhood <chris@farhood.org>
Co-authored-by: Paperclip <noreply@paperclip.ing>

.github/workflows/renovate.yml

@@ -0,0 +1,14 @@
+name: Renovate
+on:
+  schedule:
+    - cron: '0 3 * * *'
+  workflow_dispatch:
+jobs:
+  renovate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: renovatebot/github-action@v40.3.0
+        with:
+          configurationFile: renovate.json
+          renovate-json5: true

package.json

@@ -45,6 +45,7 @@
   "overrides": {
     "tar": "^7.5.11",
     "undici": "^7.24.3",
-    "lodash": ">=4.18.0"
+    "lodash": ">=4.18.0",
+    "elliptic": ">=6.6.1"
   }
 }