I am wondering if a website (with or without Javascript) can perform surveillance such as OS screen capture, packet sniffing, etc? I am curious specifically about IOS, but I will gladly hear about other OS' as well.
No. At least not if everything works as intended or without the user's knowledge.
Browsers do their utmost to protect their users from harm. It would be a major issue if any website would immediately have access to the user's whole device.
Websites can make use of features such as the Screen Capture API, but this is only possible if the user gives the website permission to use it. Packet sniffing is definitely not something that a website should be able to do.
Unfortunately, in software engineering, you can never guarantee that your software is free of exploits.
But when severe vulnerabilities become publicly known, they will be patched, so as long as you install your updates, you should be relatively save.