chore: node 22 LTS + dependency majors + repo hygiene

[rnegron]

Summary

Stack upgrade

• Node 18 → 22 LTS (.nvmrc, CI workflow)
• Gatsby 5.7 → 5.16, React 18.3, Tailwind 3.4, plus all in-major bumps
• Drop react-helmet + gatsby-plugin-react-helmet; SEO migrated to Gatsby Head API (per-page Head export)
• Drop eslint-config-react-app (CRA-deprecated) → oxlint
• Majors taken: prettier 3, date-fns 4, i18next 22→26, react-i18next 12→17, i18next-browser-languagedetector 7→8, @fullhuman/postcss-purgecss 5→8

CI hardening

• Fix Percy _site/ → public/, add concurrency, least-privilege permissions, npm cache, narrow push trigger
• Bump actions/stale v1 → v9 and actions/first-interaction v1 → v3 (with proper permissions)

Repo hygiene

• Rewrite README.md with logo, tagline, and modern shields.io badges
• Add CLAUDE.md (AI-assistant guide) and refresh it for the upgraded stack
• Add minimal CONTRIBUTING.md and .github/PULL_REQUEST_TEMPLATE.md

Resolves

Supersedes 12 open Dependabot PRs (transitive security advisories): #61, #62, #64, #65, #67, #69, #70, #71, #73, #74, #75, #76 — all targets are at or above the requested versions in the new lockfile, and four (devcert, url-parse, object-path, tar) are pruned out entirely.

Test plan

• npm run lint (oxlint) — 0 warnings, 0 errors
• npm run develop — boots clean; /, /about/, /code-of-conduct/, /speakers/, /topic-tables/ → 200; /no-such-page/ → 404
• npm run build && npm run serve — SSR HTML contains <title> per page via Head API + i18n strings render
• date-fns 4 verified by toggling CONFIG.activeEvent = true (formatted date rendered correctly in SSR)
• In-browser language switcher en-US ↔ es-PR (manual)
• First green CI run on this branch validates the workflow refactor