fix: enforce Subresource Integrity (SRI) verification for FFmpeg core binaries

[Abhishek2005-ard]

Description

This PR fixes a critical security vulnerability where the Subresource Integrity (SRI) verification for the ffmpeg-core WebAssembly and JS binaries was being bypassed during initialization.

While the fetchWithIntegrity function and the SRI_HASHES dictionary were correctly implemented to secure the FFmpeg binaries against tampering, the loadFFmpeg function bypassed them entirely by calling toBlobURL directly.

Changes Made

• Updated src/lib/ffmpeg.ts to utilize the existing fetchWithIntegrity function for coreURL and wasmURL.
• Retained toBlobURL as the fallback for workerURL since it currently does not have an SRI hash associated with it.

Impact

This change guarantees that the core FFmpeg WebAssembly binaries loaded in the browser are authentic and haven't been maliciously altered, protecting the application against supply chain attacks or intercepted traffic.

Testing

• Tested local video export flows (trimming, format conversion, resizing).
• Successfully verified that fetchWithIntegrity correctly resolves and executes the FFmpeg processes.
• Passed all 71 existing test suites via npm test.
• Passed next lint successfully without new warnings.

close #1575

[vercel]

@Abhishek2005-ard is attempting to deploy a commit to the magic-peach1's projects Team on Vercel.

A member of the Team first needs to authorize it.

[github-actions]

👋 Thanks for your PR, @Abhishek2005-ard!

Welcome to Reframe — a browser-based video editor built for everyone 🎬

What happens next

1. 🤖 Automated checks — build & TypeScript typecheck will run automatically
2. ✅ Vercel preview — a preview deployment will be created (requires maintainer authorization for fork PRs)
3. 👀 Code review — a maintainer will review your changes
4. 🚀 Merge — once approved, your PR will be merged!

Quick checklist

• PR title follows Conventional Commits (e.g. feat: add dark mode)
• Linked the issue this PR closes (e.g. Closes #123)
• Tested the changes locally (bun run dev)
• Build passes (bun run build)

Useful links

• 📖 CONTRIBUTING.md
• 🐛 Open Issues
• ⭐ Star the repo to support the project!

Happy coding! 🎉

[github-actions]

✅ PR Format Check Passed — @Abhishek2005-ard

Basic format checks passed. A maintainer will review your code changes.

This does not mean the PR is approved — it just means the format is correct.