chore: Remove unused dependencies

[X-Guardian]

Description

Removes five declared-but-unused dependencies that knip had flagged and that were parked behind // TODO: triage and remove entries in knip.jsonc. Each was verified to have no usage before removal:

• Root package.json devDependencies:
  • changelog-parser — no source references anywhere in the repo.
  • infer-owner — no source references anywhere in the repo.
  • semver — the root declaration has no importer. The semver deps in packages/cdktn, packages/cdktn-cli, and packages/@cdktn/cli-core are genuinely used and are left in place; only the redundant root-level declaration is removed.
• test/package.json devDependencies:
  • express and @types/express — no usage.

knip.jsonc is updated to drop the corresponding ignoreDependencies entries and their TODO comments.

Checklist

• I have updated the PR title to match CDKTN's style guide
• I have run the linter on my code locally
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation if applicable
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works if applicable
• New and existing unit tests pass locally with my changes

[sakul-learning]

Thanks for the cleanup here. One important release-path detail: release-please has not taken over the full release job yet; it only maintains the release PR / changelog / manifest in the current setup. The GitHub Release is still created by the existing release workflow, which still depends on the tool that imports changelog-parser.

Current dependency trace:

1. .github/workflows/release-please.yml documents that release-please runs with skip-github-release: true, so it does not create the tag or GitHub Release. Its comments say that responsibility remains with release.yml's release_github job.
2. .github/workflows/release.yml has the active release_github job (Release to Github) which runs pnpm run release-github.
3. package.json maps release-github to tools/release-github.sh.
4. tools/release-github.sh calls tools/extract-changelog to build the GitHub Release body.
5. tools/extract-changelog does require("changelog-parser").

So removing the root changelog-parser dependency breaks the currently configured GitHub Release creation path. If the goal is to retire that path because release-please should own GitHub releases too, this PR should also update the release ownership intentionally (for example, flip release-please off skip-github-release and remove/update the release_github job and the now-obsolete tools). Otherwise, changelog-parser should stay declared.