fix: get ESLint running and address low risk violations

[JillRegan]

Summary

The repo's ESLint config file was named .estlintrc.yml (est instead of esl), so ESLint silently used no config and npm run lint exited 0 against any state of the codebase. The lint script in package.json was also missing a target path. After repairing both, lint surfaced 525 violations that had accumulated over the years. This PR addresses the low risk ones while documenting the remaining disabled rules with TODO comments. A follow-up ticket has been created to address the rest.

Changes in this PR

• Renamed .estlintrc.yml-> .eslintrc.yml.
• Fixed package.json to actually target src and __test__.
• Updated deprecated plugin:no-unsanitized/DOM → plugin:no-unsanitized/recommended-legacy.
• Removed stale @typescript-eslint/tslint/config inline disable comments left over from the old TSLint migration. The plugin isn't installed, so each reference was emitting "Definition for rule not found" errors.
• Addressed several low risk violations across the codebase

Security fix:

• Bumped typescript-eslint/parser and typescript-eslint/eslint-plugin from 6.21.0 to ^8.0.0. Which pulls in a non vulnerable minimatch.
• Removed eslint-plugin-deprecation its deps cap at typescript-eslint v7 and the functionality is now built into typescript-eslint v8 as typescript-eslint/no-deprecated

⚠️ Note that I have disabled several linting rules for now as there is a much larger lift here needed to address them on the future.