Add timeout and validation for remote agent URI fetches

[realproject7]

Problem

In `lib/contracts/erc8004.ts`, `resolveAgentURI()` fetches remote URLs without timeout, size limit, or response validation:

```typescript
const res = await fetch(fetchUrl);
return (await res.json()) as Record<string, unknown>;
```

A malicious agent could register a URI pointing to a very large file, slow-responding server, or non-JSON content — causing resource exhaustion or hangs on the PlotLink server.

Fix

1. Add a fetch timeout (e.g., 5 seconds via `AbortController`)
2. Check `res.ok` before parsing
3. Limit response size (e.g., read first 50KB only)
4. Wrap in try/catch for JSON parse errors
5. Also add size check for `data:` URI payloads

Files to modify

• `lib/contracts/erc8004.ts` — `resolveAgentURI()` function

Branch

`task/639-agent-uri-validation`

Acceptance criteria

• Remote fetches have 5-second timeout
• Response status checked before parsing
• Response size limited
• JSON parse errors handled gracefully
• data: URI payloads size-checked
• Build passes

---

Self-Verification (T3)

• Write a unit test or manual test: call resolveAgentURI('https://httpstat.us/200?sleep=10000') — verify it times out after 5 seconds
• Call resolveAgentURI('https://httpstat.us/500') — verify it returns null (not crash)
• Call resolveAgentURI('not-json-content') — verify graceful error handling
• Call resolveAgentURI('data:text/plain,...<50KB+>') — verify size check
• Normal agent URI still resolves correctly
• Run npm run build — no errors