Removes cli eslint from npm package

[milanholemans]

Closes #7159

---

This PR:

• Refactors our ESLint rules to ESM.
• Removes ESLint rules from the project dependencies.
• Excludes ESLint rules from the NPM package.

[Copilot]

Pull request overview

This PR addresses the security advisory in #7159 by removing the eslint-plugin-cli-microsoft365 package footprint from installation/audit results, while keeping the repository’s internal ESLint rules usable for development.

Changes:

• Removed the local eslint-plugin-cli-microsoft365 dependency and its shrinkwrap entries.
• Refactored the internal ESLint rules implementation from CommonJS to ESM and updated eslint.config.mjs to consume it.
• Ensured eslint-rules/ is excluded from the published npm package.

Reviewed changes

Copilot reviewed 8 out of 10 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
package.json	Removes the local eslint-plugin-cli-microsoft365 devDependency reference.
npm-shrinkwrap.json	Drops the linked local package entries so npm audit no longer reports it.
eslint.config.mjs	Switches to importing the internal rules module without depending on an installed plugin package.
eslint-rules/package.json	Removes the nested package identity for the internal rules (no longer an npm package).
eslint-rules/package-lock.json	Removes the nested lockfile for the internal rules package.
eslint-rules/lib/rules/no-by-server-relative-url-usage.js	Converts the rule export to ESM.
eslint-rules/lib/rules/correct-command-name.js	Converts the rule export to ESM.
eslint-rules/lib/rules/correct-command-class-name.js	Converts the rule export to ESM and preserves named exports for testing.
eslint-rules/lib/index.js	Converts the plugin entry point to ESM imports/exports.
.npmignore	Excludes eslint-rules/ from the npm package.

Files not reviewed (2)

• eslint-rules/package-lock.json: Language not supported
• npm-shrinkwrap.json: Language not supported

[kjenney]

Thanks!