fix(security): resolve all 51 dependency vulnerabilities (#17)

* fix(docs): resolve all 47 security vulnerabilities in docs dependencies

- Update astro 5.17.1 → 5.18.1 (fixes astro, svgo, h3, defu, devalue, smol-toml vulns)
- Update spectaql 3.0.6 → 3.0.9 (fixes handlebars, immutable, picomatch, minimatch 9.x vulns)
- Update @scalar/astro, tailwindcss, @tailwindcss/vite, graphql, react, react-dom
- Add pnpm overrides for minimatch <3.1.5 and lodash <=4.17.23 (grunt transitive deps)
- Pin all dependency versions (remove ^ ranges) to prevent supply chain attacks
- Remove unused lodash.unset patch (microfiber no longer depends on it)
- Add audit/audit:fix scripts to package.json

* fix(assets): remove unused @Event-calendar dependency and dead code

The OrderCalendar hook was never mounted (no phx-hook="OrderCalendar" in
any template). The calendar view is entirely custom LiveView HTML.

- Remove @event-calendar/core dependency (eliminates 4 svelte vulns)
- Delete dead order_calendar.js hook (278 lines)
- Delete dead event-calendar.css (1283 lines)
- Remove CSS import from app.css
- Remove hook registration from hooks/index.js
- app.js bundle reduced from 270kb to 136kb

Author: puemos

assets/css/app.css

@@ -5,7 +5,6 @@
 @variant phx-change-loading (.phx-change-loading&, .phx-change-loading &);
 
 @import "tailwindcss";
-@import "./event-calendar.css";
 
 @plugin "@tailwindcss/forms";
 @plugin "./tailwind_heroicons.js";