Replace Wintersmith with Metalsmith

Wintersmith is no longer maintained given that the most recent version
is from six years ago, and all vulnerabilities that NPM reports
originate from Wintersmith's dependencies. Metalsmith, and its plugins,
on the other hand have recently had releases and don't have known
vulnerabilities. In fact, the number of reported vulnerabilities by NPM
even goes down to zero with this patch applied.

This commit therefore replaces Wintersmith with Metalsmith by providing
a transparent drop-in replacement, in a way that requires the least
amount of changes to the code and the generated output.

Note that this patch does update our versions of jQuery, Bootstrap and
the Highlight.js theme because the previous versions were very outdated
and didn't work correctly with Metalsmith. Moreover, those old versions
contained vulnerabilities that are hereby fixed.

Fixes #18198.

package.json

@@ -8,6 +8,8 @@
     "@fluent/bundle": "^0.18.0",
     "@fluent/dom": "^0.9.0",
     "@jazzer.js/core": "^2.1.0",
+    "@metalsmith/layouts": "^2.7.0",
+    "@metalsmith/markdown": "^1.3.0",
     "autoprefixer": "^10.4.19",
     "babel-loader": "^9.1.3",
     "caniuse-lite": "^1.0.30001632",
@@ -33,9 +35,12 @@
     "gulp-rename": "^2.0.0",
     "gulp-replace": "^1.1.4",
     "gulp-zip": "^6.0.0",
+    "highlight.js": "^11.9.0",
     "jasmine": "^5.1.0",
     "jsdoc": "^4.0.3",
-    "jstransformer-markdown-it": "^3.0.0",
+    "jstransformer-nunjucks": "^1.2.0",
+    "metalsmith": "^2.6.3",
+    "metalsmith-html-relative": "^2.0.1",
     "ordered-read-streams": "^2.0.0",
     "path2d": "^0.2.0",
     "pngjs": "^7.0.0",
@@ -53,11 +58,9 @@
     "tsc-alias": "^1.8.10",
     "ttest": "^4.0.0",
     "typescript": "^5.4.5",
-    "typogr": "^0.6.8",
     "vinyl": "^3.0.0",
     "webpack": "^5.91.0",
     "webpack-stream": "^7.0.0",
-    "wintersmith": "^2.5.0",
     "yargs": "^17.7.2"
   },
   "scripts": {