fix(build): reduce published package size by fixing files field

[Kyzgor]

Summary

Fix the files field in package.json so the published npm package only includes necessary files (build/, LICENSE, README.md), excluding source code, docs, config files, lockfiles, and test artifacts.

Problem

As reported in #90, the published package contains many unnecessary files — src/, docs/, .github/, .vscode/, .husky/, imgs/, yarn.lock, and various config files. This drastically increases download/on-disk size and can confuse security tools that scan lockfiles.

The root cause: the existing files field uses top-level negation patterns (!**/*.spec.*, !**/*.json) that break the whitelist behavior, and references a nonexistent CHANGELOG.md.

Solution

Fixed the files field to properly scope exclusions within the build/ directory:

"files": [
  "build",
  "!build/tests",
  "!build/**/*.spec.*",
  "LICENSE",
  "README.md"
]

Changes:

• Replaced broken top-level !**/*.spec.* with properly scoped !build/**/*.spec.*
• Replaced overly broad !**/*.json with targeted !build/tests exclusion
• Removed nonexistent CHANGELOG.md reference

Testing

Verified with npm pack --dry-run --ignore-scripts:

• Before: Package includes src/, docs/, .github/, .vscode/, .husky/, imgs/, yarn.lock, config files (2,374+ files)
• After: Package includes only build/ (minus tests), LICENSE, README.md, package.json (1,767 files)
• No src/, docs/, config, or lockfiles in published output
• No test files (*.spec.*) in published output

Backwards Compatibility

No breaking changes. The published package contents are a strict subset of what was previously published — only unnecessary files were removed.

Checklist

• yarn lint passes
• Verified with npm pack --dry-run
• No changes to src/openapi/ (auto-generated)

Fixes #90