fix(e2e): use @main ref for reusable workflow after pnpm fix (PRI-859)

Add pnpm.overrides.elliptic to prevent version regression on
the transitive elliptic vulnerability (CVE-2025-14505).

Vulnerability path:
@kinvolk/headlamp-plugin → vite-plugin-node-polyfills →
node-stdlib-browser → crypto-browserify → browserify-sign → elliptic

Note: pnpm audit will still report the vulnerability until
upstream publishes elliptic 6.6.2+. This override safeguards
against pulling a worse version.

Co-authored-by: Chris Farhood <chris@farhood.org>
Co-authored-by: Paperclip <noreply@paperclip.ing>

.github/workflows/e2e.yaml

@@ -16,7 +16,7 @@ concurrency:
 
 jobs:
   e2e:
-    uses: privilegedescalation/.github/.github/workflows/plugin-e2e.yaml@hugh/add-pnpm-support-plugin-e2e
+    uses: privilegedescalation/.github/.github/workflows/plugin-e2e.yaml@main
     with:
       node-version: '22'
       headlamp-version: v0.40.1

package.json

@@ -50,6 +50,7 @@
     "tar": "^7.5.11",
     "undici": "^7.24.3",
     "vite": ">=6.4.2",
-    "lodash": ">=4.18.0"
+    "lodash": ">=4.18.0",
+    "elliptic": ">=6.6.1"
   }
 }