ci: modernize node setup and pin npm for reproducible installs

[PaulHax]

What

• Upgrade actions/setup-node v1 → v4 (Node 22, npm caching) in checks.yml.
• Add an explicit setup-node step to e2e.yml so the e2e job is pinned to Node 22 instead of floating with the runner default.
• Pin the package manager: "packageManager": "npm@10.9.8".
• Fold in the patched versions from the stuck Dependabot PRs: fast-uri (chore(deps-dev): bump fast-uri from 3.1.1 to 3.1.2 #875), @babel/plugin-transform-modules-systemjs (chore(deps-dev): bump @babel/plugin-transform-modules-systemjs from 7.29.0 to 7.29.7 #876), js-cookie (chore(deps-dev): bump js-cookie from 3.0.5 to 3.0.8 #882), qs (chore(deps-dev): bump qs from 6.15.1 to 6.15.2 #883), tmp (chore(deps-dev): bump tmp from 0.2.5 to 0.2.7 #884).

Why

The Dependabot PRs were all failing npm ci ("Missing: chokidar from lock file"). Root cause: Dependabot regenerated package-lock.json with a different npm than the one that produced main's lock, dropping nested subtrees that npm ci then rejected. main itself was fine.

Pinning packageManager makes CI, local dev, and Dependabot resolve the lock with the same npm (10.9.8), so future Dependabot updates stay consistent. No corepack needed: plain npm ignores the field, Dependabot reads it.

The setup-node v1 → v4 bump also clears the deprecation warning (v1 ran on the now-removed Node 20 actions runtime). Pinning e2e to Node 22 guards against the runner default later moving to Node 24, which breaks the wdio e2e worker bootstrap.

Closes the need for #875, #876, #882, #883, #884.

[netlify]

✅ Deploy Preview for volview-dev ready!

Name	Link
🔨 Latest commit	6159a84
🔍 Latest deploy log	https://app.netlify.com/projects/volview-dev/deploys/6a1f4db8fa7cdf000876252b
😎 Deploy Preview	https://deploy-preview-887--volview-dev.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.