Static asset fingerprint policy

This proposal has been implemented and validated in staging for two full deployment cycles. All static assets now include content hashes in filenames, and HTML references are generated during build to avoid manual drift. We observed a clear reduction in stale asset incidents after deploy, especially for CSS and search bundles that were previously cached beyond expected windows. Remaining work is documentation: we need a short section in the contributor guide explaining when hash changes are expected, how to verify manifest integrity, and what to check first when users report mixed-version assets.