fix: ensure values are strings when passed to the functions

[jankapunkt]

When writing tests I found the following problem:

[null, undefined, true, {}, () => {}].forEach(value => {
  console.debug(isFormat.vschar(value)) // returns true for all these types
})

This means that the OAuth test suite currently does not cover if values are not strings.
This PR fixes that by prepending a check for string type in every function.

After that we need to update OAuth2 server tests accordingly!

[Copilot]

Pull request overview

This PR tightens the format validators so they only accept string inputs and adds tests to ensure non-string values are rejected, along with updating the npm lockfile to the v3 format.

Changes:

• Introduced a shared ensureString helper in index.js and wired it into all exported isFormat validators to throw a TypeError on non-string inputs.
• Added ensureValidFormat tests in test/formats.test.js to assert that each validator throws a TypeError with a consistent message when called with invalid types.
• Regenerated package-lock.json to lockfileVersion 3 with explicit packages metadata, aligning with the current package.json devDependencies.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.

File	Description
index.js	Adds ensureString and applies it to nchar, nqchar, nqschar, uchar, uri, and vschar to enforce string-only inputs.
test/formats.test.js	Adds ensureValidFormat helper and invokes it in each test to check type validation behavior, while still exercising the existing range-based format checks.
package-lock.json	Updates npm lockfile to version 3 and reflects the current devDependency graph for tooling (chai, mocha, eslint, nyc, jsdoc-to-markdown, etc.).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[dhensby]

Minor feedback, but not blocking