chore(node): upgrade to Node 24.15.0 LTS

[dschom]

Summary

• Bumps the FXA monorepo from Node 22.15.1 to Node 24.15.0 ("Krypton") LTS — the now-active Node LTS line — across .nvmrc, root package.json#engines, all Dockerfiles, CircleCI executors, and GitHub Actions workflows.
• Hardens the contributor-facing version check: extracts the pm2-all.sh semver check into a shared _scripts/check-node-version.sh with a prominent failure banner, and wires it into package.json#preinstall so the warning fires on yarn install (not just on yarn start).
• Bumps the custom CI image tag mozilla/fxa-circleci:ci-{builder,test-runner,functional-test-runner}-v8 → -v9 so the Node-24 images publish to fresh tags and other branches still on Node 22 keep pulling -v8 while we migrate.

Closes FXA-12766.

Why this change

Node 22 is no longer the active LTS line; Node 24.15.0 is. Per the ticket, the upgrade also unlocks new built-in libraries (e.g. node:test, node:sqlite, native fetch) we may pull in as follow-ups to drop npm deps. The Jira ticket flagged a concern that "Nx has problems with v22" — read as Nx package v22 (we're on Nx 21.2.4 today). This PR keeps Nx pinned and only verifies Nx 21.2.4 works on Node 24; any Nx upgrade is a separate ticket.

What's in this PR

Version pins

• .nvmrc: 22.15 → 24.15.0
• package.json engines.node: ^22.15.1 → ^24.15.0

Startup checks (the "people-know-to-switch" piece)

• New _scripts/check-node-version.sh — shared semver check, runs without semver installed (bare-major fallback) so it works pre-yarn-install. Emits a multi-line banner pointing at nvm install $(cat .nvmrc) && nvm use.
• _scripts/pm2-all.sh — replaces the inline check with a call to the shared script.
• package.json#preinstall — chains _scripts/check-package-manager.sh && _scripts/check-node-version.sh so the warning fires on yarn install.

Docker images

• _dev/docker/mono/Dockerfile: node:22.15.1-bullseye-slim → node:24.15.0-bookworm-slim (Node 24 dropped Debian 11)
• _dev/docker/ci/Dockerfile: cimg/node:22.15.1 → cimg/node:24.15.0 (test-runner + -browsers functional-test-runner + the inline comment)
• _dev/docker/ci-lockfile-generator/Dockerfile: cimg/node:22.15.1 → cimg/node:24.15.0

CircleCI

• 4 cimg/node:22.15.1 → 24.15.0 (executors at config.yml:53, 65 and inline at 1072, 1334)
• 10 mozilla/fxa-circleci:ci-*-v8 → -v9 (executors + the build/push commands)

GitHub Actions

• deploy-storybooks.yml: hardcoded node-version: '22' → node-version-file: '.nvmrc'
• l10n-gettext-extract.yml: stale node-version: 18 → '24' (this one runs before checkout, so the file form isn't possible)

Test plan

• nvm install $(cat .nvmrc) && nvm use resolves to Node 24.15.0
• yarn install succeeds and the new preinstall check prints ✅ Node version is compatible
• With nvm use 22, yarn install fails fast with the new banner pointing at nvm install $(cat .nvmrc) && nvm use
• yarn start mza boots auth/settings/admin under Node 24
• nx run-many -t test-unit --projects=fxa-auth-server,fxa-settings,fxa-shared passes (validates Nx 21.2.4 on Node 24 — the open Jira risk)
• nx run-many -t lint --all passes
• docker build -f _dev/docker/mono/Dockerfile -t fxa-mono:node24-test . succeeds (validates bullseye → bookworm)
• docker build -f _dev/docker/ci/Dockerfile --target test-runner . succeeds (validates cimg/node:24.15.0)
• CircleCI: trigger with the force-deploy-fxa-ci-images pipeline parameter so mozilla/fxa-circleci:ci-{builder,test-runner,functional-test-runner}-v9 get built and pushed without depending on a yarn.lock change
• CircleCI: full unit-test, integration-test, and functional-test stages pass on cimg/node:24.15.0 and the new -v9 images
• Both GitHub Actions workflows (deploy-storybooks, l10n-gettext-extract) succeed on Node 24

Out of scope (follow-ups)

• Replacing npm libraries with Node 24 built-ins
• Nx 22 upgrade (only if Nx 21 turns out to misbehave on Node 24)

🤖 Generated with Claude Code