chore(ci): update build pipeline to match concerto-docs

[mttrbrts]

Summary

Update the techdocs build pipeline to match the modern concerto-docs pipeline configuration.

Changes

• Node.js: Upgrade from 14.x to 20.x
• Docusaurus: Upgrade from 3.7.0 to 3.10.0
• GitHub Actions: Update checkout@v2→v4, setup-node@v1→v4
• AWS Authentication: Switch from access keys to OIDC role assumption (keyless)
• S3 Deployment: Replace jakejarvis/s3-sync-action with native aws s3 sync
• Security Linting: Add syncpack + lockfile-lint for supply chain protection
• Dependency Pinning: Pin all dependencies to exact versions (no caret ranges)
• Build Performance: Add @docusaurus/faster plugin
• Configuration: Add .nvmrc (20.14.0), timeout-minutes, production environment

Flags

• ⚠️ Requires AWS OIDC setup: A repo admin must configure the AWS IAM OIDC trust relationship and add the AWS_ROLE secret before deployment will work. The workflow will fail on the "configure aws credentials" step until this is done.
• The existing AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY secrets can be removed after OIDC is configured.

Testing

• ✅ npm run lint:lockfile — No issues detected
• ✅ npm run lint:deps — No issues found
• ✅ npm run build — Generated static files successfully

Author Checklist

• DCO sign-off provided on all commits
• Commits follow Accord Project format (type(scope): description)
• Build passes locally
• ESLint passes (no warnings or errors)
• Merging to main from chore/update-build-pipeline