security: kill GrowthBook phone-home and auto-updater at build time

Adds a Bun build plugin that replaces analytics/telemetry modules with
no-op stubs at compile time.

Primary targets (NOT killed by PR #94 or the feature() shim):

  - GrowthBook: phones home to api.anthropic.com on every launch,
    sending account UUID, org UUID, email, device ID, subscription
    type. Refreshes every 6 hours. Now returns defaults without
    making any network call.

  - Auto-updater: contacts storage.googleapis.com and npm registry
    on launch to check for new versions. Now returns null/no-op.

Defense-in-depth (already gated by PR #94 or feature flags, but
now the code itself is replaced with empty functions):

  - Datadog, 1P event logging, BigQuery metrics, Perfetto tracing,
    session tracing, plugin fetch telemetry, transcript sharing.

Deliberately NOT stubbed:

  - Plugin marketplace (downloads.claude.ai) — needed for /plugin
  - User-configurable OTel (CLAUDE_CODE_ENABLE_TELEMETRY) — opt-in

Implementation: separate plugin file (scripts/no-telemetry-plugin.ts)
with a 2-line hook in build.ts. The plugin file does not exist
upstream so it cannot cause merge conflicts.

scripts/build.ts

@@ -9,6 +9,7 @@
  */
 
 import { readFileSync } from 'fs'
+import { noTelemetryPlugin } from './no-telemetry-plugin'
 
 const pkg = JSON.parse(readFileSync('./package.json', 'utf-8'))
 const version = pkg.version
@@ -64,6 +65,7 @@ const result = await Bun.build({
     'MACRO.NATIVE_PACKAGE_URL': 'undefined',
   },
   plugins: [
+    noTelemetryPlugin,
     {
       name: 'bun-bundle-shim',
       setup(build) {