chore: bump vitest to ^4.1.0 to resolve GHSA-5xrq-8626-4rwp #35

Merged: brax10ward merged 1 commit into master from braxton/fix-vitest-cve on Jun 4, 2026
Conversation

@brax10ward
Collaborator

Linear Link

https://linear.app/atomicbuilt/issue/SDK-644/bump-vitest-to-410-to-resolve-critical-cve-ghsa-5xrq-8626-4rwp

Dependency security fix (GHSA-5xrq-8626-4rwp) surfaced during the SDK-613 license audit; tracked separately from the SDK-613 license PR (#34).

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Refactor (non-breaking change which cleans up code)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update
  • This change impacts security

Checklist:

  • New and existing tests pass locally with my changes
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • I have followed the Code Review and Code Review Security guidelines
  • I have checked my code against flaws from the OWASP Top 10
    • A01:2021-Broken Access Control
    • A02:2021-Cryptographic Failures
    • A03:2021-Injection
    • A04:2021-Insecure Design
    • A05:2021-Security Misconfiguration
    • A06:2021-Vulnerable and Outdated Components
    • A07:2021-Identification and Authentication Failures
    • A08:2021-Software and Data Integrity Failures
    • A09:2021-Security Logging and Monitoring Failures
    • A10:2021-Server-Side Request Forgery

Bumps the vitest devDependency from ^4.0.18 to ^4.1.0 (resolves to 4.1.8) to remediate critical advisory GHSA-5xrq-8626-4rwp, which affects vitest <4.1.0 and was failing the vuln-dep-check CI job. devDependency only; not shipped in the published package.
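The description above names two things the bump changes: the version the lockfile resolves to (4.1.8) and the floor of the package.json specifier (^4.0.18 to ^4.1.0). A lockfile-only update would clear the first but leave a manifest range that still admits versions inside the vulnerable range `<4.1.0`. The following is an added example, not code from this PR or from the vitest project, of a minimal offline check in the spirit of the vuln-dep-check CI job (whose real implementation is not shown here). It takes only the package name, advisory id, vulnerable range, specifier change and resolved version from the PR; the pre-bump locked version (4.0.18) is an assumption, since the PR does not state it.

```javascript
// Added example, not code from this PR or from the vitest project: a minimal,
// offline vulnerable-dependency check of the kind a "vuln-dep-check" CI job
// performs. The job's real implementation is not shown on the page.

// Parse "MAJOR.MINOR.PATCH" into numbers. Pre-release/build suffixes are ignored
// (adequate here; a production checker should use the semver package).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric comparison, so "4.10.0" sorts after "4.1.0" (string comparison would not).
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Evaluate a vulnerable range written the way GHSA/OSV advisories express them:
// comparator clauses separated by spaces are AND-ed, "||" separates alternatives,
// e.g. "<4.1.0" or ">=4.0.0 <4.1.0 || >=5.0.0 <5.0.3".
function satisfies(version, range) {
  return range.split('||').some((alternative) =>
    alternative.trim().split(/\s+/).filter(Boolean).every((clause) => {
      const m = /^(<=|>=|<|>|=)?(.+)$/.exec(clause);
      const op = m[1] || '=';
      const c = compareVersions(version, m[2]);
      switch (op) {
        case '<': return c < 0;
        case '<=': return c <= 0;
        case '>': return c > 0;
        case '>=': return c >= 0;
        default: return c === 0;
      }
    })
  );
}

// Lowest version a package.json specifier permits: "^4.0.18" and "~4.0.18"
// both floor at 4.0.18; an exact "4.1.8" floors at itself.
function specifierFloor(spec) {
  const m = /^[\^~]?=?v?(\d+\.\d+\.\d+)/.exec(spec.trim());
  if (!m) throw new Error(`unsupported specifier: ${spec}`);
  return m[1];
}

// Two questions per dependency: is the version the lockfile actually installs
// vulnerable, and could a fresh install honouring only package.json pick a
// vulnerable version? A lockfile-only update answers the first but not the second;
// raising the specifier floor (the ^4.1.0 bump) answers both.
function checkDependency({ name, advisory, vulnerableRange, specifier, lockedVersion }) {
  const lockedVulnerable = satisfies(lockedVersion, vulnerableRange);
  const floorVulnerable = satisfies(specifierFloor(specifier), vulnerableRange);
  return {
    name, advisory, specifier, lockedVersion, lockedVulnerable, floorVulnerable,
    ok: !lockedVulnerable && !floorVulnerable,
  };
}

// Constructed inputs from the PR description. The pre-bump locked version is not
// stated in the PR; 4.0.18 is assumed for the "before" case.
const vitestAdvisory = { name: 'vitest', advisory: 'GHSA-5xrq-8626-4rwp', vulnerableRange: '<4.1.0' };
const scenarios = {
  before:          checkDependency({ ...vitestAdvisory, specifier: '^4.0.18', lockedVersion: '4.0.18' }),
  lockfileOnlyFix: checkDependency({ ...vitestAdvisory, specifier: '^4.0.18', lockedVersion: '4.1.8' }),
  thisPR:          checkDependency({ ...vitestAdvisory, specifier: '^4.1.0',  lockedVersion: '4.1.8' }),
};

for (const [label, r] of Object.entries(scenarios)) {
  console.log(`${label.padEnd(16)} locked=${r.lockedVersion} vulnerable=${r.lockedVulnerable} ` +
              `floor-vulnerable=${r.floorVulnerable} -> ${r.ok ? 'PASS' : 'FAIL'}`);
}
```

The `lockfileOnlyFix` scenario is the one worth keeping in CI: the installed 4.1.8 is clean, but `^4.0.18` still permits 4.0.x, so the check fails until the manifest floor is raised, which is exactly what this PR does.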
@brax10ward brax10ward marked this pull request as ready for review June 4, 2026 21:51
@brax10ward brax10ward merged commit 4c1aa20 into master Jun 4, 2026
8 checks passed
@brax10ward brax10ward deleted the braxton/fix-vitest-cve branch June 4, 2026 22:22

2 participants