Automattic / vip-cli

The VIP CLI
https://docs.wpvip.com/vip-cli/
MIT License

chore(deps): make `node-fetch` 2.x depend on `whatwg-url` 14.x to address deprecations #1965

Closed sjinks closed 3 weeks ago

sjinks commented 1 month ago

Description

Node.js 21 and 22 deprecate the native punycode module in favor of the userland implementation.

However, whatwg-url 5.x still uses the native module, and this causes deprecation warnings (see #1942):

(node:59820) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
(Use `node --trace-deprecation ...` to show where the warning was created)

$ npm why whatwg-url
whatwg-url@5.0.0
node_modules/whatwg-url
  whatwg-url@"^5.0.0" from node-fetch@2.7.0
  node_modules/node-fetch
    node-fetch@"^2.6.1" from the root project
    node-fetch@"^2.6.7" from @automattic/vip-go-preflight-checks@2.0.17
    node_modules/@automattic/vip-go-preflight-checks
      @automattic/vip-go-preflight-checks@"^2.0.16" from the root project

Because updating node-fetch to 3.x is not something we can do right now (node-fetch 3.x is an ESM-only module), we override the version of whatwg-url at the package manager level.

This is not the cleanest solution, but it works.

Pull request checklist

New release checklist

Steps to Test

CI must pass.
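
One way to confirm in CI that a package-manager override like the one described in this pull request actually took effect, as an added example that is not code from the vip-cli repository. The `overrides` entry, the `^14.0.0` range and all three lockfile objects are constructed assumptions; only node-fetch 2.7.0 and whatwg-url 5.0.0 come from the `npm why` output above.

```javascript
// Constructed package.json fragment: force node-fetch's whatwg-url to 14.x.
const packageJson = {
  overrides: { 'node-fetch': { 'whatwg-url': '^14.0.0' } },
};

// Constructed package-lock.json (lockfileVersion 3) before the override.
const lockBefore = { lockfileVersion: 3, packages: {
  '': { name: 'example-cli' },
  'node_modules/node-fetch': { version: '2.7.0' },
  'node_modules/whatwg-url': { version: '5.0.0' },
} };

// Constructed lockfile after reinstalling with the override in place.
const lockAfter = { lockfileVersion: 3, packages: {
  '': { name: 'example-cli' },
  'node_modules/node-fetch': { version: '2.7.0' },
  'node_modules/whatwg-url': { version: '14.0.0' },
} };

// Constructed stale lockfile: the top-level copy is new, but node-fetch would
// still load an old copy nested under it. A top-level-only check misses this.
const lockStale = { lockfileVersion: 3, packages: {
  ...lockAfter.packages,
  'node_modules/node-fetch/node_modules/whatwg-url': { version: '5.0.0' },
} };

// Lowest major version allowed by a simple range such as "^14.0.0".
function minMajor(pkg, parent = 'node-fetch', dep = 'whatwg-url') {
  return Number.parseInt(pkg.overrides[parent][dep].replace(/^\D*/, ''), 10);
}

// Every installed copy of `name`, top-level or nested under another package.
function installedCopies(lock, name) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith(`/${suffix}`))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Copies whose major version is below `major`; a missing version is flagged too.
function copiesBelowMajor(lock, name, major) {
  return installedCopies(lock, name).filter(
    ({ version }) => !(Number.parseInt(String(version), 10) >= major)
  );
}

for (const [label, lock] of Object.entries({ lockBefore, lockAfter, lockStale })) {
  console.log(label, copiesBelowMajor(lock, 'whatwg-url', minMajor(packageJson)));
}
```

A CI step built on this would fail the build whenever `copiesBelowMajor` returns a non-empty list for the real `package-lock.json`.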

github-actions[bot] commented 1 month ago

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

sonarcloud[bot] commented 1 month ago

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code
