chore: remove unused deps (Algolia, vite-plugin-imagemin) + final security cleanup

- Removed algoliasearch, react-instantsearch, react-instantsearch-dom (zero imports in codebase)
- Removed vite-plugin-imagemin (pulled 403 vulnerable transitive deps; images already pre-optimized as WebP)
- Vulnerabilities: 32 → 2 moderate (both in undici via libpkgx, no fix available)
- All 4 VITE_HOST variants build clean

Author: OpenClaw