feat: modernize codex #12

Merged
avirtopeanu-ionos merged 7 commits into master from feat/modernize-codex
Feb 26, 2026

Conversation

Contributor

@avirtopeanu-ionos avirtopeanu-ionos commented Feb 19, 2026

  • Migrate from deprecated @oclif/command v1 to @oclif/core v3, including updated
    flag/arg definitions, async parse(), and bin/run entrypoint
  • Replace deprecated cli-ux with direct process.stdout.write calls
  • Update all dependencies to current major versions: TypeScript 5, axios 1.7, chalk
    4, diff 7, mocha 10, eslint 8, nyc 17, etc.
  • Bump minimum Node.js engine from >=8.0.0 to >=18.0.0 and CI matrix from Node 14/15
    to 18/20/22
  • Update GitHub Actions from v1/v2 to v4 (actions/checkout, actions/setup-node)
  • Bump TypeScript target from es2017 to es2020
  • Fix unsafe optional chaining in S3 storage (this.apiConfig?.format could produce
    "baseline.undefined")
  • Remove useless catch (error) { throw error } in config service
  • Re-enable no-useless-catch and no-unsafe-optional-chaining ESLint safety rules
  • Remove accidentally committed tsconfig.tsbuildinfo build artifact and add it to
    .gitignore
  • Add explicit catch (error: any) annotations throughout for TypeScript strict mode
    compatibility
  • Modernize import syntax (import x = require(...) to ES module imports)
  • Migrate to aws-sdk v3

Breaking changes

  • Requires Node.js >= 18 (previously >= 8)
  • Node 8 EOL:
    Active Support Ended: December 31, 2019.
    Security Risk: Running applications on Node 8 today poses significant security risks as it is unmaintained.
  • Node.js 16 reached its official end-of-life (EOL) on September 11, 2023. It no longer receives security updates, bug fixes, or maintenance, making it insecure for production environments.

What remains (24 dev-only, unfixable without upstream changes)

  • 23 high — minimatch < 10.2.1 in eslint, mocha, nyc and their transitive deps
  • 1 moderate — ajv < 8.18.0 in eslint

Why these can't be fixed right now:

  • minimatch@10 changed its export API (no default export, not callable as a
    function). Every affected dev package (@eslint/eslintrc, mocha@10, test-exclude@6)
    uses the old require('minimatch')(...) or import minimatch from 'minimatch' pattern.
    Overriding breaks them at runtime.
  • ajv@8 has an entirely different API from ajv@6. Even eslint@10 still depends on
    ajv@^6. No 6.x backport exists.
  • Both vulns are ReDoS requiring attacker-controlled inputs (glob patterns / JSON
    schemas) — not exploitable in a dev-tooling context where inputs come from your own
    config files.

@avirtopeanu-ionos avirtopeanu-ionos removed the request for review from ionoscloudsdk February 19, 2026 14:29
@avirtopeanu-ionos avirtopeanu-ionos merged commit d91c653 into master Feb 26, 2026
3 checks passed
@avirtopeanu-ionos avirtopeanu-ionos deleted the feat/modernize-codex branch February 26, 2026 12:21
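
The optional-chaining fix listed in the PR description (a missing apiConfig yielding "baseline.undefined"), shown as an added JavaScript example that is not code from this repository. The function names, the config shape and the allowed-format set are assumptions made for illustration.

```javascript
// Added illustration. All names here are hypothetical, not the project's own.
// Assumed set of baseline formats the storage layer accepts.
const ALLOWED_FORMATS = new Set(['json', 'yaml']);

// Unsafe pattern: when apiConfig (or its format) is missing, `?.` evaluates
// to undefined and the template literal stringifies it, so the object key
// silently becomes "baseline.undefined" instead of failing.
function unsafeBaselineKey(apiConfig) {
  return `baseline.${apiConfig?.format}`;
}

// Hardened pattern: resolve the value first, validate it, and fail closed
// before any storage key is built from it.
function safeBaselineKey(apiConfig) {
  const format = apiConfig?.format;
  if (typeof format !== 'string' || !ALLOWED_FORMATS.has(format)) {
    throw new TypeError(
      `baseline format missing or unsupported: ${String(format)}`
    );
  }
  return `baseline.${format}`;
}

// Constructed sample configs: valid, empty, absent, unsupported format.
const SAMPLE_CONFIGS = [{ format: 'json' }, {}, undefined, { format: 'xml' }];

// Runs both builders over the samples and reports what each one produces.
function compareBuilders(configs = SAMPLE_CONFIGS) {
  return configs.map((cfg) => {
    let safe;
    try {
      safe = safeBaselineKey(cfg);
    } catch (err) {
      safe = `rejected: ${err.message}`;
    }
    return { unsafe: unsafeBaselineKey(cfg), safe };
  });
}

for (const row of compareBuilders()) {
  console.log(`${row.unsafe.padEnd(20)} | ${row.safe}`);
}
```

With the unsafe builder, an unset configuration reads and writes a key that looks valid, which can mask a misconfiguration as a missing or stale baseline.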