Upgrade PHPStan to 2.x and raise analysis level from 6 to 10

- Bump phpstan/phpstan ^2.0 and szepeviktor/phpstan-wordpress ^2.0
- Move the analysis level into phpstan.neon (single source) and raise it to 10
- Add Val, a runtime coercion helper that narrows untyped WordPress boundary
  values (wpdb rows, REST params, superglobals, options) with explicit checks
  instead of blind casts, plus unit tests
- Type value-object fromRow() params as stdClass (what wpdb returns) and map
  columns through Val so unexpected shapes degrade safely
- Use %i identifier placeholders for table names in all wpdb::prepare() calls
  so every query string is a literal and identifiers are escaped by WordPress;
  raises the minimum WordPress version to 6.2 where %i was introduced
- Guard wpdb::prepare() null result before wpdb::query() in updateTax()
- Fix nullable get_permalink()/strtotime() handling, list types at REST and
  capability call sites, dead null-coalescing on checked superglobals, and
  narrow get_users() results before mapping
- Register Val method names with the ValidatedSanitizedInput sniff so it
  validates the real sanitizer around each superglobal read
- Update repository unit tests for the %i placeholder arguments

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

src/Payment/StripeGateway.php

@@ -67,8 +67,8 @@ class StripeGateway {
 	 * Seam around the Stripe PaymentIntents create call so tests can stub the
 	 * network request.
 	 *
-	 * @param array<string, mixed> $params
-	 * @param array<string, mixed> $options
+	 * @param array{amount: int, currency: string, metadata: array<string, string>, description: string} $params
+	 * @param array{idempotency_key?: string} $options
 	 */
 	protected function paymentIntentsCreate( array $params, array $options ): PaymentIntent {
 		return $this->client()->paymentIntents->create( $params, $options );