Add UTM params to session acks

[rockwellll]

Summary

• Thread the initialized page context into session acking so the first ack can include page UTM params.
• Allow the acks API helper to merge ack metadata while keeping the SDK-owned session and timestamp authoritative.
• Add focused tests for ack UTM selection and request serialization.

---

Note

Low Risk
Extends the public acks payload and session init wiring only; existing ack deduplication and authoritative session/timestamp behavior are preserved.

Overview
Session acks now carry utm_params from the page context passed into Session.initialize (the same object Hellotext.initialize uses), so attribution can be tied to the first session ack without changing when an ack is sent.

AcksAPI.send accepts optional metadata (e.g. utm_params) and merges it into the POST body, while session and at still always come from the live SDK state so callers cannot override them.

New tests cover ack request serialization and session ack rules: UTMs on first ack, empty object when missing, latest page on re-ack after session change, and no ack (hence no UTMs) when the session was already acked.

^{Reviewed by Cursor Bugbot for commit 9cd7c0d. Bugbot is set up for automated code reviews on this repo. Configure here.}