[@yarnpkg/core] update tar to prevent vulnerability

[rtritto]

node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization

Affected versions <= 7.5.2

@yarnpkg/core@4.5.0 uses tar@6.0.5 that needs to be updated with tar version > 7.5.2

[viceice]

There will be no backport to tar v6

• Backport fix for GHSA-8qq5-rm4j-mr97 to 6.x series? isaacs/node-tar#449