MLE-26608 - merge release changes into develop

This reverts commit 5518e9c.

This reverts commit 23d8bbd.

This reverts commit 70f361b.

Fix copyright end year and fix some JSDoc typos and incorrect statements caught by Copilot

Bumped minimatch, and added a force on serialize-javascript (used by mocha) and underscore (used by jsdoc).

Adds explicit top-level permissions: contents: read to limit the
default GITHUB_TOKEN scope for all jobs. Individual jobs that need
write access (copyright-validation) already declare their own
permissions block which overrides the default.

This follows the principle of least privilege recommended in
GitHub's PwnRequest security guidance.

…sions

PDP-1182 SECCMP-1797: Add top-level permissions to restrict default token

…rom-develop

PDP-1182: Remove per-repo pr-workflow.yaml

* MLE-28498 Permission fixes

This contains permission fixes for testing as a result of the 11.3.5 changes.

* MLE-28498 transform test fixes

Updated transforms tests to expect rest-transform-user as a result of 11.3.5 changes from ML-28684.

* MLE-28498 dmsdk fixes

Copilot fix for flakey dmsdk tests

* MLE-28498 Skip optic-fromDocs tests for < 12.1

After confirming with the MarkLogic Server team, op:from-docs is only supported in MLS 12.1 since it is a new feature. I have added a skip for anything lower than MLS 12.1

* MLE-27883 adapt cts.param in the Optic API for MLS 12.1

* MLE-27883 update Copyright

* MLE-27883 fix to  traverse the exported plan to verify the cts namespace

* MLE-28335 added fragment option in fromSearch

- Add 'fragment' option support to fromSearch() for MLS 12.1+
- Valid values: 'document' (default), 'properties', 'locks', 'any'
- Client-side validation in PlanSearchOption (plan-builder-base.js)
- Updated JSDoc for fromSearch() in plan-builder-generated.js
- Added xdmp-lock-acquire/release privileges to rest-evaluator role
  in both test-setup-users.js and rest-evaluator.json (Gradle config)
- Added fragment option integration tests to test-basic/plan-search.js
  (TC0-TC5, gated on serverVersion >= 12.1)

* MLE-28336 updated Copyright

* MLE-28335 update fromSearchDocs with fragment option

* MLE-28335 resolve npm audit vulnerabilities (0 remaining)

Security fixes:
- sanitize-html: 2.17.0 → ^2.17.4 (critical XSS via xmp passthrough, GHSA-rpr9-rxv7-x643)
- brace-expansion override: 2.0.2 → 5.0.6 (DoS via zero-step sequence, GHSA-f886-m6hf-6m8v)
- serialize-javascript override: 7.0.4 → 7.0.5 (CPU exhaustion DoS, GHSA-qj8w-gfj5-8c6v)
- diff override: added 9.0.0 (DoS in parsePatch/applyPatch for mocha 11.4+, GHSA-73rr-hh4g-fpgx)
- fast-uri, flatted, lodash, picomatch, postcss updated via npm audit fix

* MLE-28335 update scheduled trigger for regressions

* MLE-28335 skip cts.param integration tests for server < 12.1

* MLE-28335 fix to use the correct optic test database testconfig.restWriterConnection

* MLE-28583 xdmp.uriContentType and xdmp.uriFormat test fix

xdmp.uriContentType and xdmp.uriFormat are no longer callable and these tests should only run on ML11 or lower

* MLE-28583 transform user test fix

The previous change was a regression fixed by the ML server team and the test has been updated to reflect the correct behavior

* MLE-29694 update qs to 6.15.2

* MLE-29694 fixed flaky fragment option tests for fromSearch

* MLE-29694 fixed flaky fragment option tests

* MLE-29694 fixed typo in comment

* MLE-30684 Switch to Harness Artifact Registry

* MLE-30684 npm audit non blocking in Jenkins