refactor: simplify plugin dependency handling

Simplify plugin installation and runtime loading around package-manager-owned dependencies, with Jiti reserved for local/TS fallback paths.

Also scans npm plugin install roots so hoisted transitive dependencies are covered by dependency denylist and node_modules symlink checks.

scripts/lib/dependency-ownership.json

@@ -142,6 +142,11 @@
       "class": "default-runtime-initially",
       "risk": ["provider-sdk", "network"]
     },
+    "playwright-core": {
+      "owner": "core:browser",
+      "class": "core-runtime",
+      "risk": ["browser-automation", "cdp"]
+    },
     "pdfjs-dist": {
       "owner": "plugin:document-extract",
       "class": "plugin-runtime",
@@ -158,11 +163,6 @@
       "class": "default-runtime-initially",
       "risk": ["terminal-rendering", "png-encoding"]
     },
-    "semver": {
-      "owner": "core:package-versioning",
-      "class": "core-runtime",
-      "risk": ["version-parser"]
-    },
     "sharp": {
       "owner": "plugin:media-understanding-core",
       "class": "plugin-runtime",