fix(deps): Bump rollup-plugin-license to fix lodash vulnerabilities (#20636)

## Summary
- Bumps `rollup-plugin-license` from 3.3.1 → 3.7.1
- This updates the lodash constraint from `~4.17.21` to `^4.17.21`,
allowing resolution to patched lodash 4.18.x
- Removes orphaned `[email protected]` lockfile entry
- Fixes [Dependabot alert
1281](https://github.com/getsentry/sentry-javascript/security/dependabot/1281)
(CVE-2026-4800, code injection via `_.template`)
- Fixes [Dependabot alert
1280](https://github.com/getsentry/sentry-javascript/security/dependabot/1280)
(CVE-2026-2950, prototype pollution via `_.unset`/`_.omit`)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>

Author: chargome

package.json

@@ -122,9 +122,9 @@
     "@rollup/plugin-terser": "^0.4.4",
     "@rollup/plugin-typescript": "^11.1.6",
     "@rollup/pluginutils": "^5.1.0",
+    "@size-limit/esbuild": "~12.1.0",
     "@size-limit/file": "~12.1.0",
     "@size-limit/webpack": "~12.1.0",
-    "@size-limit/esbuild": "~12.1.0",
     "@types/jsdom": "^21.1.6",
     "@types/node": "^18.19.1",
     "@vitest/coverage-v8": "^3.2.4",
@@ -142,7 +142,7 @@
     "rimraf": "^5.0.10",
     "rollup": "^4.59.0",
     "rollup-plugin-cleanup": "^3.2.1",
-    "rollup-plugin-license": "^3.3.1",
+    "rollup-plugin-license": "^3.7.1",
     "size-limit": "~12.1.0",
     "sucrase": "^3.35.0",
     "ts-node": "10.9.2",