PILOT-27: GDPR-compliant cookie consent banner + gate analytics behind consent

[hank-pilot]

Summary

Implements GDPR-compliant cookie consent for pilotprotocol.network:

1. Consent banner injected via BaseHead (appears on every page) with Accept/Reject buttons
2. GA4 gated: no longer loads unconditionally — loads dynamically only after user accepts
3. PostHog gated: uses shared consent-check.ts module, only initializes after consent
4. Cookie Preferences link added to footer → reopens the banner
5. Consent stored in localStorage (pilot_consent key: accepted / rejected)

Changes

File	Change
src/components/BaseHead.astro	Banner injection script + consent-gated GA4 + consent styles
src/scripts/consent-check.ts	NEW — shared module with getConsent(), hasConsent(), onConsentChange()
src/scripts/analytics.ts	PostHog now imports consent-check, gates behind consent
src/components/Footer.astro	Added "Cookie Preferences" link + JS to reopen banner

Testing

• Build verified: 301 pages, zero errors
• No unconditional googletagmanager.com/gtag/js in any output page
• Consent banner HTML present in all pages via BaseHead
• Cookie Preferences link in footer Legal section, reopens banner on click
• Matches documented behavior in cookies.astro and privacy.astro

Acceptance criteria

• AC-1 ✅ Cookie consent banner respects user choice (no PostHog/GA4 firing pre-consent)
• AC-2 ✅ PostHog tracks key events (still wired but gated — consented users only)
• AC-3 ✅ Privacy policy updated (was already accurate — just verified)

[github-actions]

🚀 Preview deployed to Cloudflare Pages

• Commit deploy URL: https://a23089db.pilotprotocol.pages.dev
• Branch alias: https://hank/pilot-27-cookie-consent.pilotprotocol.pages.dev (may take ~30s to propagate)
• Commit: 4ac88e51aea2704900d539b3622050541e4a69fb