CVE-2026-33863: Convict has prototype pollution via load(), loadFile(), and schema initialization

Two unguarded prototype pollution paths exist, not covered by previous fixes:

1. config.load() / config.loadFile() — overlay() recursively merges config data without checking for forbidden keys. Input containing __proto__ or constructor.prototype (e.g. from a JSON file) causes the recursion to reach Object.prototype and write attacker-controlled values onto it.
2. Schema initialization — passing a schema with constructor.prototype.* keys to convict({...}) causes default-value propagation to write directly to Object.prototype at startup.

Depending on how polluted properties are consumed, impact ranges from unexpected behavior to authentication bypass or RCE.