AdSense readiness layer added
- Added an environment-gated Google AdSense loader. No ad script is emitted unless PUBLIC_GOOGLE_ADSENSE_CLIENT is configured
- Added a reusable ContentAdSlot component and one blog-post ad placement after the article body, before support CTAs and related articles
- Added /ads.txt endpoint driven by PUBLIC_GOOGLE_ADSENSE_PUBLISHER_ID for AdSense ownership verification
- Updated CSP allowlists for AdSense script, connection, and ad frame origins without relaxing the global security policy
- Updated English and Traditional Chinese privacy policy pages to disclose optional AdSense advertising and third-party cookie behavior