MCP Server Attestation

Layer-2 supply-chain hardening for MCP servers

Ed25519-signed tool manifests, runtime spawn-attestation, default-deny argument sanitizer. Defends against marketplace-poisoning + CVE-2025-69256.