* chore: add server.json + mcpName for MCP Registry / Glama inspection

- Add server.json (MCP Registry spec 2025-12-11) at repo root so Glama
  and the MCP Registry can discover the npm package, stdio transport,
  and the full env var matrix (all optional — preview mode is the
  default and needs no credentials).
- Add mcpName "io.github.demwick/polymarket-agent-mcp" to package.json
  per official MCP Registry package-ownership verification rules.
- Bump to 1.6.6 so Glama's aggregator picks up the new metadata on
  the next scan.

This unblocks the pending quality + security scores on the new Glama
listing (required for awesome-mcp-servers PR #4397).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* ci: harden release workflows against injection and sign artifacts

- promote-to-main.yml: pass workflow_dispatch inputs and step outputs
  via env vars; use single-quoted heredoc + bash parameter expansion
  so commit-message content in ${{ steps.check.outputs.changes }} can
  never be evaluated as shell (OSSF Scorecard dangerous-workflow class)
- tag-on-merge.yml: same env-var pattern for the summary step; add
  cosign keyless sign-blob step and upload the .tgz + .sig + .pem
  tarball assets to the GitHub Release so Signed-Releases can detect
  cryptographic signatures

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* test: add property-based fuzzing for BudgetManager.calculateCopyAmount

Adds a fast-check property suite that verifies two invariants across
200+100 randomized runs:
- copy amount is always clamped by 25% of daily limit and by remaining
  budget, never exceeds either and never goes negative or non-finite
- when remaining budget is exhausted, the computed amount is exactly 0

Enables OSSF Scorecard Fuzzing recognition (fast-check integration).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>