Upgrade Grafana 12.3.3 → 12.4.2

Patches 7 CVEs including CVE-2026-27880 (unauthenticated OOM DoS, CVSS 7.5).
No config changes needed — alerting pending period behavior change is a net
improvement for our NoData/Error rules.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

docs/changelog.d/upgrade-grafana-12.4.2.infra.md

@@ -0,0 +1 @@
+Upgrade Grafana from 12.3.3 to 12.4.2 — patches 7 CVEs including an unauthenticated DoS (CVE-2026-27880).