v2.2.5 - EventChain DoS guard + transactional fromSnapshot

Recursion-depth DoS guard (MAX_CANONICAL_DEPTH = 256) on canonicalJson and deepCloneJson, so a hostile deeply-nested payload from an untrusted snapshot is rejected early and fails closed instead of exhausting the stack. Transactional fromSnapshot - a too-deep or throwing row now leaves the instance state intact instead of desyncing. Refreshed README + npm description. Round-5 independent security audit GREEN with no findings. 4,087 tests pass. This is npm latest.