Remove deprecated transifex dependency (security vulnerabilities in request, mocha, qs)

[PabloEnricoEnrico]

The package transifex@1.6.6 (last updated 2018) brings several security vulnerabilities as transitive dependencies:

• request@2.88.2 - CVE-2023-28155 (SSRF bypass) - deprecated, no fix available
• mocha@4.1.0 - GMS-2019-7 (ReDoS) - fix requires upgrade to 6.0.0+
• qs@6.5.x - CVE-2025-15284 (DoS via memory exhaustion) - fix requires 6.14.1+

Since scratch-l10n already uses @transifex/api for the new Transifex API, could the old transifex package be removed?

Users who only consume the locale files (like paint-editor-msgs.js) are forced to carry these vulnerabilities even though transifex is never executed at runtime in their applications.