feat(infra): standardize ESM root and harden security audit pipeline (#363)

* chore: implement ESM standardization and security attestation

Aligning root infrastructure with Node.js v24.14.0 standards.
- Set type: module in package.json to eliminate re-parsing overhead.
- Migrated Jetski Loader tests to .cjs to maintain legacy security audit compatibility.
- Verified path traversal and symlink protections with clean attestation.

* chore(ci): update pr_preflight path to .cjs for ESM compatibility

* feat(infra): surgical ESM modernization for Gemini suite

Resolved Codex P1 by reverting global root ESM shift to preserve installer stability.
- Implemented scoped 'type: module' in /docs/integrations/jetski-gemini-loader/ to eliminate re-parsing overhead.
- Updated test runner (run-test-suite.js) and CI (ci.yml) to track .cjs transitions.
- Verified zero-warning execution in Node v24.14.0.

.github/workflows/ci.yml

@@ -37,7 +37,7 @@ jobs:
       - name: Intake PR change
         id: intake
         run: |
-          node tools/scripts/pr_preflight.js \
+          node tools/scripts/pr_preflight.cjs \
             --base "origin/${{ github.base_ref }}" \
             --head "HEAD" \
             --event-path "$GITHUB_EVENT_PATH" \