Add first-party analytics tracker with encrypted transmissions

Core system:
- AnalyticsUniqId entity (visitor identity with device/os/browser parsing)
- AnalyticsEvent entity (page views linked to visitor)
- POST /t endpoint with AES-256-GCM encrypted payloads
- HMAC-SHA256 visitor hash for anti-tampering
- Async processing via Messenger
- JS module: auto page_view tracking, setAuth for logged users
- Encryption key shared via data-k attribute on body
- setAuth only triggers when cookie consent is accepted
- Clean CSP: remove old tracker domains (Cloudflare, Umami)

100% first-party, no cookies, invisible to adblockers, RGPD-friendly.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

templates/base.html.twig

@@ -84,7 +84,7 @@
     {% endblock %}
     {% block head %}{% endblock %}
 </head>
-<body class="min-h-screen flex flex-col bg-[#fbfbfb] text-[#111827]" data-env="{{ app.environment }}">
+<body class="min-h-screen flex flex-col bg-[#fbfbfb] text-[#111827]" data-env="{{ app.environment }}" data-k="{{ analytics_key }}"{% if app.user and app.user.id is defined and app.request.cookies.get('e_ticket_consent') == 'accepted' %} data-uid="{{ app.user.id }}"{% endif %}>
     <header class="sticky top-0 z-50 bg-white border-b-4 border-gray-900">
         <nav class="mx-auto px-4 lg:px-8" role="navigation" aria-label="Navigation principale" itemscope itemtype="https://schema.org/SiteNavigationElement">
             <div class="flex justify-between items-center h-20">