fix: add elliptic override as safeguard for GHSA-848j-6mx2-7j84

Clarify PR title and add inline comment explaining:
- No patched version exists yet
- Override is a forward-looking safeguard
- Will auto-resolve when upstream publishes 6.6.2+

Co-Authored-By: Paperclip <noreply@paperclip.ing>

package.json

@@ -40,6 +40,8 @@
     "vite-plugin-svgr": "^4.5.0",
     "vitest": "^3.0.5"
   },
+  // Override for GHSA-848j-6mx2-7j84 (transitive via vite-plugin-node-polyfills → crypto-browserify → browserify-sign → elliptic).
+  // No patched version exists yet; this is a forward-looking safeguard that auto-resolves when upstream publishes 6.6.2+.
   "pnpm": {
     "overrides": {
       "elliptic": ">=6.6.1"