Closed
Labels: enhancement (New feature or request)
Description
- I'd be willing to implement this feature (contributing guide)
- This feature is important to have in this repository; a contrib plugin wouldn't do
Describe the user story
As an engineering team, we want to avoid installing package versions that were just published (including transitives) until they’ve aged for a configurable window. This reduces exposure during fast-moving supply-chain incidents where bad releases are published and reverted within hours.
ref: pnpm/pnpm#9921
Describe the solution you'd like
Introduce an age gate similar to pnpm’s minimumReleaseAge (added in pnpm 10.16.0) that defers freshly published versions until they’ve been public for X minutes.
Config (example):
```yaml
# .yarnrc.yml
npmMinimumReleaseAge: 1440 # minutes; 0 = disabled (default)
npmMinimumReleaseAgeExclude: # optional allowlist by package name (globs ok)
  - react
  - webpack
# (optional) per-scope overrides
npmScopes:
  myco:
    npmMinimumReleaseAge: 60
```
Behavior:
- On yarn add / up / install, if the best semver candidate is younger than the threshold, prefer the newest candidate meeting the age; if none meet it, fail with a clear error and suggest --bypass-age-policy for one-off overrides.
- Respect the lockfile: installs that don’t modify resolutions are not blocked.
- CLI override: --minimum-release-age .
Describe the drawbacks of your solution
- Slower adoption of urgent fixes
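The candidate selection described under "Behavior" above, as an added example (not Yarn's code and not the issue author's): given the versions that already satisfy a semver range and the registry packument's `time` map (version to ISO publish timestamp, which the npm registry does return), pick the newest version that has been public for at least the effective minimum age, honouring the exclude list and per-scope override from the config sketch. The `AgePolicy` shape, the `selectAgedVersion` name, the package names and the timestamps are assumptions constructed for this example.

```typescript
// Added example: age-gated version selection modelled on the proposal above.
// Assumes a policy object mirroring the proposed .yarnrc.yml keys and the
// registry packument's `time` field (version -> publish timestamp).

interface AgePolicy {
  minimumReleaseAgeMinutes: number;        // 0 = disabled
  exclude: string[];                       // package-name globs, e.g. "@myco/*"
  scopeOverrides: Record<string, number>;  // scope -> minutes, e.g. { myco: 60 }
}

function globToRegExp(glob: string): RegExp {
  const escaped = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
  return new RegExp(`^${escaped}$`);
}

/** Effective minimum age for a package: excludes win, then scope overrides, then the global value. */
function effectiveMinAge(name: string, policy: AgePolicy): number {
  if (policy.exclude.some((g) => globToRegExp(g).test(name))) return 0;
  const m = /^@([^/]+)\//.exec(name);
  if (m && policy.scopeOverrides[m[1]] !== undefined) return policy.scopeOverrides[m[1]];
  return policy.minimumReleaseAgeMinutes;
}

function parseSemver(v: string): [number, number, number, string] {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3]), m[4] ?? ""];
}

/** Descending semver order; a prerelease sorts below the release with the same numbers. */
function compareDesc(a: string, b: string): number {
  const pa = parseSemver(a), pb = parseSemver(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return (pb[i] as number) - (pa[i] as number);
  }
  if (pa[3] === pb[3]) return 0;
  if (pa[3] === "") return -1;
  if (pb[3] === "") return 1;
  return pa[3] < pb[3] ? 1 : -1;
}

interface Selection { version: string; skipped: string[] }

/**
 * Pick the newest candidate that has been public for at least the effective
 * minimum age. `candidates` are the versions already satisfying the range;
 * `time` is the packument's version -> publish timestamp map.
 */
function selectAgedVersion(
  name: string, candidates: string[], time: Record<string, string>,
  policy: AgePolicy, now: Date,
): Selection {
  const minAge = effectiveMinAge(name, policy);
  const cutoff = now.getTime() - minAge * 60_000;
  const skipped: string[] = [];
  for (const v of [...candidates].sort(compareDesc)) {
    const published = time[v];
    // A version with no publish timestamp cannot be shown to be old enough: treat it as too fresh.
    if (minAge === 0 || (published !== undefined && Date.parse(published) <= cutoff)) {
      return { version: v, skipped };
    }
    skipped.push(v);
  }
  throw new Error(
    `${name}: no version satisfying the range is at least ${minAge} minutes old ` +
    `(too fresh: ${skipped.join(", ")}); re-run with --bypass-age-policy to override once`,
  );
}

// Constructed sample packument slice and policy (not real registry data).
const SAMPLE_TIME: Record<string, string> = {
  "4.17.19": "2025-09-01T12:00:00.000Z",
  "4.17.20": "2025-09-14T08:00:00.000Z",
  "4.17.21": "2025-09-15T09:30:00.000Z", // published 2.5 h before SAMPLE_NOW
};
const SAMPLE_NOW = new Date("2025-09-15T12:00:00.000Z");
const SAMPLE_POLICY: AgePolicy = {
  minimumReleaseAgeMinutes: 1440,
  exclude: ["react", "webpack"],
  scopeOverrides: { myco: 60 },
};

/** With a 24 h gate, 4.17.21 is skipped and 4.17.20 is chosen. */
function demo(): Selection {
  return selectAgedVersion("example-lib", ["4.17.19", "4.17.20", "4.17.21"],
    SAMPLE_TIME, SAMPLE_POLICY, SAMPLE_NOW);
}
```

Two details worth keeping when wiring this into a resolver: versions missing from `time` are treated as too fresh rather than trusted, and the lockfile check the proposal asks for belongs before this function is called, so that installs which do not change a resolution never reach the gate.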