fix: remove duplicate dependencies block and add CI with publint vali…

[nelly439]

…dation

• Merge the two 'dependencies' objects in package.json into one canonical block (js-sha3 ^0.9.3 is unchanged — only the duplicate entry is removed)
• Add 'validate' script: npx publint, which statically checks exports, files, and package metadata for correctness before publish
• Add .github/workflows/ci.yml: runs validate → lint → typecheck → unit tests → build → smoke tests across Node 18/20/22 on every push/PR to main, ensuring duplicate-key and malformed-metadata regressions are caught automatically
• Document 'pnpm validate' in README Development section

Description

Semver impact:

Linked Issue

Closes #

Type of Change

• 🐛 Bug fix (patch)
• ✨ New feature / method (minor)
• 💥 Breaking change (major)
• 📝 Documentation / TypeDoc update
• 🔧 Chore / refactor
• 🧪 Tests only

Changes Made

Public API Changes

// New / changed exports:

Test Evidence

pnpm test:run output:

Build Evidence

pnpm build output:

Checklist

• I have read CONTRIBUTING.md
• This PR is linked to an open issue
• pnpm typecheck passes
• pnpm lint passes
• pnpm test:run passes — all tests green
• pnpm build succeeds — dist/ generated cleanly
• All new public methods/types have TypeDoc comments
• New behaviour is covered by at least one Vitest unit test
• No new runtime dependencies added without prior maintainer approval
• docs/ updated if public API changed
• examples/ updated if new usage patterns were added
• Backwards compatibility maintained (or breaking change clearly noted above)

closes #85