v0.9.0

@github-actions github-actions released this 05 Feb 23:56
· 175 commits to main since this release

Release v0.9.0

Release type: stable
Release line: 0.9.x
Branch: release/0.9.x

Installation

npm install @frontmcp/sdk@0.9.0

Features

  • Secure ID Generation: Introduced generateSecureId function for cryptographically secure random ID generation in RequestLoggerProvider.
  • Direct Server Creation: Added create() factory function for flat-config direct server creation, supporting machine ID injection and instance caching.
  • Safe Redirect URI Validation: Implemented safeRedirectUriSchema to ensure only HTTP/HTTPS schemes are used in OAuth flows, enhancing security.

Improvements

  • CORS Configuration: Enhanced ExpressHostAdapter with customizable CORS options, allowing fine-grained control over origin, credentials, and max-age.
  • Regex Safety: Improved regex handling in SessionStore and www-authenticate.utils.ts to prevent ReDoS vulnerabilities by using character-by-character parsing.
  • Header Redaction: Added sensitive header redaction in HttpClient logs to prevent credential leakage.

Breaking Changes

  • OAuth Redirect URI: The redirect_uri in OAuth flows now strictly requires HTTP/HTTPS schemes, rejecting other protocols to prevent open-redirect vulnerabilities.
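
The scheme restriction described above, sketched as an added example. This is not the SDK's safeRedirectUriSchema implementation; checkRedirectUri, ALLOWED_SCHEMES and the sample URIs are hypothetical names and constructed values. It parses the value with the WHATWG URL parser before comparing the scheme, so case variations and embedded tabs or newlines are normalized first.

```javascript
// Added example: scheme allow-list for an OAuth redirect_uri.
// Hypothetical helper, not the SDK's safeRedirectUriSchema.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

function checkRedirectUri(value) {
  if (typeof value !== 'string' || value.length === 0) {
    return { ok: false, reason: 'not a non-empty string' };
  }
  let url;
  try {
    // The WHATWG parser lowercases the scheme and strips tabs/newlines,
    // so the comparison below sees the scheme a browser would act on.
    url = new URL(value);
  } catch {
    return { ok: false, reason: 'not an absolute URL' };
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  return { ok: true, href: url.href };
}

// Constructed sample values, including ones that stop validating
// once only http/https are accepted.
const samples = [
  'https://client.example/callback',
  'HTTP://client.example/cb',   // scheme case is normalized
  'myapp://callback',           // custom scheme: rejected
  'javascript:alert(1)',        // script scheme: rejected
  'java\tscript:alert(1)',      // tab is stripped, still rejected
  '/callback',                  // relative: not an absolute URL
];

function classify(values) {
  return values.map((v) => ({ input: v, ...checkRedirectUri(v) }));
}

for (const r of classify(samples)) {
  const shown = JSON.stringify(r.input);
  console.log(r.ok ? `accept ${shown}` : `reject ${shown} (${r.reason})`);
}
```

A scheme check narrows what a redirect can do; it does not replace exact-match comparison against the redirect URIs registered for the client.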

What's Changed

  • Cherry-pick: feat: Enhance release workflow with AI changelog generation and docs sync trigger by @github-actions[bot] in #228
  • feat: Refactor docs sync process to use GitHub API for triggering updates by @frontegg-david in #230
  • Cherry-pick: feat: Refactor docs sync process to use GitHub API for triggering updates by @github-actions[bot] in #231
  • feat: Enhance security by implementing least-privilege permissions and improving HTML sanitization by @frontegg-david in #233
  • feat: Implement machine ID override for session continuity and add tests for create() function by @frontegg-david in #234

Full Changelog: v0.8.1...v0.9.0