fix: update @modelcontextprotocol/sdk to ^1.25.3

Patches HIGH security vulnerabilities:
- ReDoS vulnerability (CVE fix)
- Missing input validation (CVE fix)

Also updates transitive deps (qs, body-parser, js-yaml).

Author: Dan Opus