fix(deps): resolve Dependabot security alerts (#20)

Bump @modelcontextprotocol/sdk to ^1.29.0 to address ReDoS
(GHSA-8r9q-7v3j-jr4g) and DNS rebinding (GHSA-w48q-cv73-mx4w)
advisories. Run npm audit fix to update transitive dependencies
js-yaml, minimatch, flatted, picomatch, ajv, and brace-expansion.

Resolves all 9 open Dependabot alerts; npm audit reports 0
vulnerabilities.

Author: dcbouius