fix: resolve path-to-regexp ReDoS vulnerability in budget service (#8)

- Ran npm audit fix on services/budget — updated path-to-regexp
- npm audit now reports 0 vulnerabilities
- CI enforcement deferred (no Gitea CI runner configured)

Partial fix for #8 — vulnerability resolved, CI setup remaining.

services/budget/package-lock.json

@@ -960,9 +960,9 @@
       }
     },
     "node_modules/path-to-regexp": {
-      "version": "0.1.12",
-      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz",
-      "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==",
+      "version": "0.1.13",
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.13.tgz",
+      "integrity": "sha512-A/AGNMFN3c8bOlvV9RreMdrv7jsmF9XIfDeCd87+I8RNg6s78BhJxMu69NEMHBSJFxKidViTEdruRwEk/WIKqA==",
       "license": "MIT"
     },
     "node_modules/prebuild-install": {