Reduce backend dependency audit exposure

[sidhujag]

Summary

• Update vulnerable direct dependencies including axios, express/body-parser, papaparse, moment, and systeminformation.
• Remove unused pm2 from runtime dependencies; deployment docs still install pm2 globally when desired.
• Add a production dependency audit CI gate and document the remaining syscoinjs-lib transitive audit findings that require separate upstream/breaking-change review.

Test plan

• npm run audit:prod
• npm test -- --runInBand

Audit notes

• npm audit fix was run without --force.
• Remaining production findings are under syscoinjs-lib's Ethereum proof dependency path; npm audit fix --force proposes a breaking syscoinjs-lib path, so this PR does not force it.

Made with Cursor

[sidhujag]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. You're on a roll.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".