Reduce file permissions for config files to protect OAuth secrets

[bbakersmith]

Currently, configuration files under ~/.mcp-auth/ are created with 644 permissions which allows all users to read the contents. These files contain OAuth tokens and PKCEs which should not be accessible to anyone but the user they belong to.

This PR changes those file permissions to 600 so that only the current user can read them.

[clouatre]

Reviewed and tested locally on macOS.

Testing:

• ✅ All unit tests pass (44/44)
• ✅ Build succeeds without errors
• ✅ Code change is minimal and correct
• ✅ Verified current files are indeed 644 (world-readable)

Security Assessment:
This fixes a real security issue. OAuth tokens in ~/.mcp-auth/ are currently
world-readable (644), allowing any local user to steal credentials and access
Atlassian instances.

Code Quality:

• Follows Node.js fs.writeFile API correctly
• Applied consistently to both writeJsonFile and writeTextFile
• No breaking changes
• Matches security best practices for credential storage

LGTM! This should be merged, especially for users on shared/corporate systems.

[pkg-pr-new]

Open in StackBlitz

npx https://pkg.pr.new/mcp-remote@160

commit: 60d842f