Remove commitizen

[andrejak]

Why drop commitizen / @commitlint/cz-commitlint

• to get rid of some vulnerabilities:commitizen is the only remaining source of both tmp@0.0.33 ([Un-nest debug options for the client #48]) and lodash@4.17.21 ([[FLAPI-1301] Export order change related functions #118] / [build(deps-dev): bump @typescript-eslint/parser from 4.27.0 to 4.28.0 #117]) in the tree, and it has no upstream fix path (its inquirer@8 → external-editor@3 chain is frozen). Removing it clears tmp entirely and downgrades the remaining lodash pins to the safer 4.17.23 line.
• Kept @commitlint/cli + husky commit-msg hook — commit-message enforcement is unchanged. Only the interactive yarn commit flow is gone, which nobody strictly needs; contributors can still write a conventional commit message by hand and commitlint will validate it.
• Also added tslib@2.8.1 as an explicit devDependency — it's a peer dep of @rollup/plugin-typescript that was previously being satisfied transitively through commitizen, so removing commitizen broke the build until we added it directly.