fix: resolve security vulnerabilities and add unit tests for all tools

[ruturaj-browserstack]

Summary

• Upgrade all direct dependencies to latest stable versions resolving 12 npm audit vulnerabilities (3 moderate, 7 high, 2 critical → 0 remaining)
• Fix missing isError: true flag in error responses across 4 tool modules (rca-agent, automate, selfheal, appautomate)
• Add 10 new unit test files covering all previously untested tool modules

Dependency Upgrades

Package	Old	New	Security Fix
@modelcontextprotocol/sdk	^1.25.2	^1.29.0	—
axios	^1.13.2	^1.14.0	DoS via __proto__ (CVSS 7.5)
browserstack-local	^1.5.8	^1.5.12	Command Injection
csv-parse	^6.1.0	^6.2.1	—
dotenv	^17.2.3	^17.4.0	—
pino	^10.1.0	^10.3.1	—
webdriverio	^9.21.0	^9.27.0	—
zod	^4.2.1	^4.3.6	—

Transitive fixes: basic-ftp (CVSS 9.1), fast-xml-parser (critical), undici, lodash, minimatch, picomatch, rollup, flatted, ajv, brace-expansion

Bug Fixes

• Added isError: true to error responses in rca-agent.ts, automate.ts, selfheal.ts, appautomate.ts — previously these returned error text without the MCP protocol error flag

New Unit Tests (10 files, 46 new tests)

File	Tools Covered
accessibility.test.ts	5 accessibility tools
automate.test.ts	fetchAutomationScreenshots
bstack-sdk.test.ts	setupBrowserStackAutomateTests
buildInsights.test.ts	fetchBuildInsights
listTestFiles.test.ts	listTestFiles
percySdk.test.ts	7 Percy tools
rcaAgent.test.ts	getBuildId, listTestIds, fetchRCA
reviewAgent.test.ts	fetchPercyChanges
runPercyScan.test.ts	runPercyScan
selfheal.test.ts	fetchSelfHealedSelectors

Total: 123 tests across 16 files (up from 77 across 6)

Test Plan

• All 123 unit tests pass
• Lint clean
• TypeScript compilation clean
• npm audit reports 0 vulnerabilities
• No breaking changes in any dependency upgrade (verified against changelogs)