[Aikido] Fix 11 security issues in next, chevrotain, streamdown#18

Closed

aikido-autofix[bot] wants to merge 1 commit into main from fix/aikido-security-update-packages-16215977-dTii

Conversation

@aikido-autofix

Upgrade Next.js, Chevrotain, and Streamdown to patch critical RCE and DoS vulnerabilities in React Server Components affecting server-side request handling.

✅ 11 CVEs resolved by this upgrade, including 2 critical 🚨 CVEs

This PR will resolve the following CVEs:

| Issue | Severity | Package | Description |
|---|---|---|---|
| AIKIDO-2025-10869 | 🚨 CRITICAL | next | Unauthenticated remote code execution vulnerability in React Server Components allows attackers to craft malicious HTTP requests that can execute arbitrary code on the server, even without explicit Server Function endpoints. |
| CVE-2025-55182 | 🚨 CRITICAL | next | Pre-auth RCE vulnerability in Server Components where unsafe deserialization of HTTP request payloads to Server Function endpoints allows remote attackers to execute arbitrary code without authentication. |
| GHSA-mwv6-3258-q52c | HIGH | next | A crafted HTTP request to App Router endpoints can cause the server process to hang and consume excessive CPU, leading to a potential denial of service (DoS) attack that prevents normal server operation. |
| GHSA-h25m-26qc-wcjf | HIGH | next | A crafted HTTP request to App Router Server Function endpoints can trigger excessive CPU usage, out-of-memory exceptions, or server crashes, potentially causing a denial of service (DoS) condition through deserialization vulnerabilities. |
| AIKIDO-2025-10936 | HIGH | next | A crafted HTTP request to Server Functions can trigger an infinite deserialization loop in React, causing a denial-of-service (DoS) condition that hangs the server process and consumes excessive CPU resources, potentially affecting apps using React Server Components. |
| GHSA-w37m-7fhw-fmv9 | MEDIUM | next | Information disclosure vulnerability in App Router endpoints allows attackers to craft HTTP requests that can retrieve the compiled source code of Server Functions, potentially exposing sensitive business logic and implementation details. |
| AIKIDO-2025-10937 | MEDIUM | next | A malicious HTTP request can be crafted and sent to any App Router endpoint that can return the compiled source code of Server Functions. This could reveal business logic, but would not expose secrets unless they were hardcoded directly into Server Function code. |
| AIKIDO-2026-10095 | LOW | next | Multiple DoS vulnerabilities in React Server Components allow crafting malicious HTTP requests that can trigger server crashes, out-of-memory conditions, or excessive CPU usage when using server-side React functionality. |
| CVE-2025-59471 | LOW | next | A DoS vulnerability in Image Optimizer allows memory exhaustion by requesting optimization of oversized images when remotePatterns permits external image loading, potentially causing application unavailability through out-of-memory conditions. |
| CVE-2025-13465 | MEDIUM | next | Prototype pollution vulnerability in _.unset and _.omit allows attackers to delete methods from global prototypes by crafting malicious paths, potentially disrupting object behavior without full code execution. |
| AIKIDO-2025-10843 | LOW | next | ReDoS vulnerability in markdown parsing allows crafted input to cause excessive regex backtracking, leading to performance degradation and potential denial of service through inefficient regular expression patterns. |

@aikido-autofix aikido-autofix bot closed this Mar 2, 2026
