fix(analytics): point jsdoc footer tracker at first-party /_a (#46)

The jsdoc footer still embedded the Umami tracker cross-origin
(analytics.jellyrock.app/script.js), even though the live site already serves
it first-party. Under the static-site CSP (script-src 'self' [+ 'unsafe-inline'
on the doc carve-out], ADR-0006) a cross-origin script source is blocked, so a
future docs regeneration from this jsdoc.json would reintroduce the May-2026
analytics-blackout footgun on api.

Sync the source to the first-party path used everywhere else: /_a/script.js
plus data-host-url so events post to the same-origin /_a/api/send proxy.

Author: cewert