Ran npm audit fix to resolve non-breaking vulnerabilities (118 → 53).
Updated Known Security Notices in README to accurately describe all
remaining issues and why they cannot be resolved without breaking changes.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>