chore: Bump Yarn to 4.10.3 and configure NPM age gate (#3691)

## Explanation

This bumps Yarn to the latest version (`4.10.3`), which includes support
for setting an age gate for NPM packages. It's set to 3 days following
the security recommendations, meaning that packages must be at least 3
days old to be installed.

## References

MetaMask/metamask-module-template#270

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Upgrades Yarn to 4.10.3, adds a 3-day npm age gate with preapproved
packages, and updates related configs and LavaMoat policy references.
> 
> - **Build/Config**:
> - **Yarn upgrade**: Set `yarnPath` and root `packageManager` to
`[email protected]` in `.yarnrc.yml`, `package.json`, and `yarn.config.cjs`.
> - **NPM age gate**: Add `npmMinimalAgeGate: 4320` and
`npmPreapprovedPackages` (`@metamask/*`, `@lavamoat/*`) in
`.yarnrc.yml`.
> - **LavaMoat policy**:
> - Update `policy.json` to reference `depcheck>readdirp>picomatch`
instead of `ts-loader>micromatch>picomatch` in relevant entries.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
635d8c1. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: MetaMask Bot <[email protected]>

Author: Mrtenz

.yarn/releases/yarn-4.10.3.cjs

@@ -18,4 +18,14 @@ plugins:
   - path: .yarn/plugins/local/plugin-workspaces-filter.js
   - path: .yarn/plugins/local/plugin-lifecycle-scripts.js
 
-yarnPath: .yarn/releases/yarn-4.4.1.cjs
+yarnPath: .yarn/releases/yarn-4.10.3.cjs
+
+# Configure the NPM minimal age gate to 3 days, meaning packages must be at
+# least 3 days old to be installed.
+npmMinimalAgeGate: 4320 # 3 days (in minutes)
+
+# Override the minimal age gate, allowing certain packages to be installed
+# regardless of their publish age.
+npmPreapprovedPackages:
+  - '@metamask/*'
+  - '@lavamoat/*'

.yarn/releases/yarn-4.4.1.cjs

@@ -122,7 +122,7 @@
     "typescript-eslint": "^8.6.0",
     "vite": "^6.2.7"
   },
-  "packageManager": "yarn@4.4.1",
+  "packageManager": "yarn@4.10.3",
   "engines": {
     "node": "^20 || >=22"
   },

.yarnrc.yml

@@ -818,7 +818,7 @@
       },
       "packages": {
         "ts-loader>micromatch>braces": true,
-        "ts-loader>micromatch>picomatch": true
+        "depcheck>readdirp>picomatch": true
       }
     },
     "webpack>mime-types": {
@@ -860,7 +860,7 @@
         "process": true
       }
     },
-    "ts-loader>micromatch>picomatch": {
+    "depcheck>readdirp>picomatch": {
       "builtin": {
         "path.basename": true,
         "path.sep": true

package.json

@@ -241,7 +241,7 @@ module.exports = defineConfig({
       if (isChildWorkspace) {
         workspace.unset('packageManager');
       } else {
-        expectWorkspaceField(workspace, 'packageManager', 'yarn@4.4.1');
+        expectWorkspaceField(workspace, 'packageManager', 'yarn@4.10.3');
       }
 
       // All packages must specify a minimum Node.js version of 18.18.