fix(security): update lock file — hono 4.12.3 + SDK 1.27.1 (#4)

Updated transitive deps to patched versions:
- @modelcontextprotocol/sdk: 1.26.0 -> 1.27.1
  (cross-client data leak via shared transport, affects 1.10.0-1.25.3,
  patched in 1.26.0)
- hono: 4.12.0 -> 4.12.3
  (authentication bypass via IP spoofing, patched in 4.12.3)

No package.json change needed — existing semver ranges already allow
the patched versions.

package-lock.json

@@ -621,9 +621,9 @@
       }
     },
     "node_modules/@modelcontextprotocol/sdk": {
-      "version": "1.26.0",
+      "version": "1.27.1",
-      "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.26.0.tgz",
+      "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.27.1.tgz",
-      "integrity": "sha512-Y5RmPncpiDtTXDbLKswIJzTqu2hyBKxTNsgKqKclDbhIgg1wgtf1fRuvxgTnRfcnxtvvgbIEcqUOzZrJ6iSReg==",
+      "integrity": "sha512-sr6GbP+4edBwFndLbM60gf07z0FQ79gaExpnsjMGePXqFcSSb7t6iscpjk9DhFhwd+mTEQrzNafGP8/iGGFYaA==",
       "license": "MIT",
       "dependencies": {
         "@hono/node-server": "^1.19.9",
@@ -2615,9 +2615,9 @@
       }
     },
     "node_modules/hono": {
-      "version": "4.12.0",
+      "version": "4.12.3",
-      "resolved": "https://registry.npmjs.org/hono/-/hono-4.12.0.tgz",
+      "resolved": "https://registry.npmjs.org/hono/-/hono-4.12.3.tgz",
-      "integrity": "sha512-NekXntS5M94pUfiVZ8oXXK/kkri+5WpX2/Ik+LVsl+uvw+soj4roXIsPqO+XsWrAw20mOzaXOZf3Q7PfB9A/IA==",
+      "integrity": "sha512-SFsVSjp8sj5UumXOOFlkZOG6XS9SJDKw0TbwFeV+AJ8xlST8kxK5Z/5EYa111UY8732lK2S/xB653ceuaoGwpg==",
       "license": "MIT",
       "engines": {
         "node": ">=16.9.0"