chore(deps)!: move @workos-inc/node to peerDependencies

@workos-inc/node's types (User, OauthTokens, AuthenticationResponse)
are surfaced into authkit-nextjs's public-API interfaces in
src/interfaces.ts (Session, UserInfo, HandleAuthSuccessData). When a
consumer's resolved version of @workos-inc/node differs from the
version satisfying authkit-nextjs's transitive ^9.0.0 range, package
managers install a duplicate copy under
node_modules/@workos-inc/authkit-nextjs/node_modules/@workos-inc/node/.
TypeScript then emits TS2883 on consumer code that infers return types
from withAuth() / refreshSession(), because the canonical path of the
referenced User type crosses a nested node_modules.

Declaring @workos-inc/node as a peer dependency forces a single resolved
copy in the consumer tree by construction — the same pattern already
used here for next, react, and react-dom. Added to devDependencies so
the package's own build, typecheck, and tests continue to find it.

BREAKING CHANGE: consumers must now have @workos-inc/node listed in
their own dependencies. In practice most consumers already do, since
authkit-nextjs only wraps a subset of the WorkOS server SDK and
production code paths typically call WorkOS directly for organization
and user management.

package.json

@@ -38,13 +38,13 @@
   },
   "dependencies": {
     "@sindresorhus/fnv1a": "^3.1.0",
-    "@workos-inc/node": "^9.0.0",
     "iron-session": "^8.0.4",
     "jose": "^5.10.0",
     "path-to-regexp": "^6.3.0",
     "valibot": "^1.2.0"
   },
   "peerDependencies": {
+    "@workos-inc/node": "^9.0.0",
     "next": "^13.5.9 || ^14.2.26 || ^15.2.3 || ^16",
     "react": "^18.0 || ^19.0.0",
     "react-dom": "^18.0 || ^19.0.0"
@@ -56,6 +56,7 @@
     "@types/react": "18.2.67",
     "@types/react-dom": "18.2.22",
     "@vitest/coverage-v8": "^3.2.4",
+    "@workos-inc/node": "^9.0.0",
     "jsdom": "^26.1.0",
     "next": "^16.2.1",
     "oxfmt": "^0.42.0",