
chore: bump pnpm and add package age gate #78

Merged
0x666c6f merged 1 commit into morpho-main from hermes/package-manager-hardening-20260512
May 13, 2026


@prd-carapulse prd-carapulse Bot commented May 12, 2026

Summary

  • Bumps the repo's pnpm pin/configuration to pnpm 11.0.9.
  • Adds a pnpm minimum package age of 3 days (minimumReleaseAge: 4320).

Maintainer checklist before merging pnpm v11

  • Run installs with the PR's pinned pnpm version (corepack prepare pnpm@11.0.9 --activate or the repo's normal Corepack flow), preferably from a clean checkout/cache.
  • Run the repo's normal lockfile, lint, typecheck, test, and build commands; update the lockfile if pnpm v11 rewrites it.
  • Review pnpm v11 config compatibility: v11 no longer reads pnpm settings from package.json#pnpm; migrate any still-needed settings to pnpm-workspace.yaml.
  • Review dependency build approvals: pnpm v11 uses allowBuilds and strictDepBuilds defaults to true, so every required dependency build script should be explicitly allowed and every unnecessary one denied.
  • Confirm the package-age gate does not block required emergency/private packages; add narrowly scoped minimumReleaseAgeExclude entries only when justified.

Request Context

  • Initiator: tarik (Slack display name; GitHub login unresolved)
  • Initial Slack thread: Slack channel C0B3Z936HR6, thread 1778595495.930059
  • Rationale: requested supply-chain hardening across active repos by pinning pnpm to v11 where applicable and enforcing a 3-day package-age gate where missing.

Verification

  • Generated and validated the config edits mechanically (JSON/TOML/YAML text changes only).
  • Did not run repo-specific installs/tests in this batch; maintainers should complete the checklist above before merging.

@0x666c6f 0x666c6f merged commit 7d65c9f into morpho-main May 13, 2026
10 checks passed
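
The package-age check from the maintainer checklist, as an added example that is not part of this PR or pnpm's own code: it classifies locked dependencies against a `minimumReleaseAge` of 4320 minutes and honours `minimumReleaseAgeExclude`. Package names, versions and timestamps are constructed, and matching excludes by exact name is a simplifying assumption.

```javascript
// Added illustration of a release-age gate; not pnpm's implementation.
// All package names, versions and timestamps below are constructed samples.
const MINUTE_MS = 60 * 1000;

// version -> publish time, shaped like the registry metadata "time" map
const publishTimes = {
  "left-lib": { "1.4.0": "2026-05-01T09:00:00Z", "1.4.1": "2026-05-11T22:30:00Z" },
  "@acme/internal-auth": { "2.0.0": "2026-05-12T08:00:00Z" },
  "yaml-tool": { "3.1.0": "2026-05-08T12:00:00Z" },
};

// What a lockfile resolves to (constructed)
const locked = [
  { name: "left-lib", version: "1.4.1" },
  { name: "@acme/internal-auth", version: "2.0.0" },
  { name: "yaml-tool", version: "3.1.0" },
  { name: "ghost-pkg", version: "0.0.1" }, // no publish time available
];

// Classify each locked version against the gate (age in minutes).
function checkAgeGate(locked, publishTimes, policy, now) {
  const cutoff = now.getTime() - policy.minimumReleaseAge * MINUTE_MS;
  const exclude = new Set(policy.minimumReleaseAgeExclude || []);
  const report = { allowed: [], blocked: [], excluded: [], unknown: [] };
  for (const { name, version } of locked) {
    const id = `${name}@${version}`;
    if (exclude.has(name)) { report.excluded.push(id); continue; }
    const stamp = publishTimes[name] && publishTimes[name][version];
    const published = stamp ? Date.parse(stamp) : NaN;
    // Missing or unparsable timestamps are not trusted: flag for review.
    if (Number.isNaN(published)) { report.unknown.push(id); continue; }
    (published <= cutoff ? report.allowed : report.blocked).push(id);
  }
  return report;
}

// Most recently published version that is already old enough, or null.
function latestEligible(times, minimumReleaseAge, now) {
  const cutoff = now.getTime() - minimumReleaseAge * MINUTE_MS;
  const ok = Object.entries(times || {})
    .filter(([key]) => key !== "created" && key !== "modified")
    .map(([version, stamp]) => [version, Date.parse(stamp)])
    .filter(([, t]) => !Number.isNaN(t) && t <= cutoff)
    .sort((a, b) => b[1] - a[1]);
  return ok.length ? ok[0][0] : null;
}

const policy = { minimumReleaseAge: 4320, minimumReleaseAgeExclude: ["@acme/internal-auth"] };
console.log(checkAgeGate(locked, publishTimes, policy, new Date("2026-05-12T12:00:00Z")));
```

Entries in `blocked` and `unknown` are the ones to resolve before merging; anything in `excluded` bypasses the gate entirely, which is why the exclude list should stay short.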