build(deps-dev): Bump tar from 6.2.1 to 7.5.6

Resolves alerts for several security advisories such as:
GHSA-r6q2-hw4h-h46w
GHSA-8qq5-rm4j-mr97

As per our assessment those vulnerabilities are not exploitable in the context of UI5 CLI.
The affected versions of tar are used in dev dependencies only.

This commit also includes a minor bump of lodash to address GHSA-xxjr-mmjv-4gpg
which is also not exploitable in the context of UI5 CLI.

Author: matz3

package-lock.json

@@ -51,6 +51,17 @@
 		"licensee": "^11.1.1",
 		"local-web-server": "^5.4.0"
 	},
+	"overrides": {
+		"pacote@<=20": {
+			"tar": "^7.5.6"
+		},
+		"cacache@18": {
+			"tar": "^7.5.6"
+		},
+		"node-gyp@10": {
+			"tar": "^7.5.6"
+		}
+	},
 	"workspaces": [
 		"packages/*",
 		"internal/*"