js · chrome-devtools-mcp · Heads-up
chrome-devtools-mcp: Symlink attack via PID file in /tmp
What changed
The chrome-devtools-mcp daemon writes its PID file to a deterministic path under /tmp without using O_NOFOLLOW. A local attacker can pre-create a symlink at that path, so that the daemon's write overwrites an arbitrary file writable by the victim.
Who it affects
Users who run the chrome-devtools-mcp daemon on multi-user POSIX hosts (macOS or Linux) where $XDG_RUNTIME_DIR is unset.
What to do today
Apply the suggested fix: open the PID file with O_NOFOLLOW and validate runtime directory ownership/permissions before writing.
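One way to implement the suggested fix in Node.js, as an added example that is not the project's own code. The function names, the `daemon.pid` file name and the requirement that the runtime directory be private to the user (mode 0700) are assumptions made for illustration.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');
const { O_WRONLY, O_CREAT, O_NOFOLLOW } = fs.constants;

// Assumption: the runtime directory must be private to the current user.
function checkRuntimeDir(dir) {
  const st = fs.lstatSync(dir); // lstat: a symlinked directory is rejected too
  if (!st.isDirectory()) throw new Error(`${dir}: not a real directory`);
  if (st.uid !== process.getuid()) throw new Error(`${dir}: owned by another user`);
  if (st.mode & 0o077) throw new Error(`${dir}: accessible to group/other`);
}

function writePidFile(dir, name, pid = process.pid) {
  checkRuntimeDir(dir);
  const file = path.join(dir, name);
  // O_NOFOLLOW: open(2) fails (ELOOP on Linux/macOS) if `file` is a symlink.
  // No O_TRUNC: nothing is modified until the descriptor has been checked.
  const fd = fs.openSync(file, O_WRONLY | O_CREAT | O_NOFOLLOW, 0o600);
  try {
    const st = fs.fstatSync(fd);
    if (!st.isFile() || st.uid !== process.getuid() || st.nlink !== 1) {
      throw new Error(`${file}: not a regular file owned by this user`);
    }
    fs.ftruncateSync(fd, 0);
    fs.writeSync(fd, `${pid}\n`);
  } finally {
    fs.closeSync(fd);
  }
  return file;
}

// Constructed scenario: a symlink planted at the PID path points at a file
// the user can write. All paths live in a throwaway temp directory.
function demoSymlinkBlocked() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'pid-demo-')); // created 0700
  const victim = path.join(dir, 'victim.txt');
  fs.writeFileSync(victim, 'original\n');
  fs.symlinkSync(victim, path.join(dir, 'daemon.pid'));
  let code = null;
  try { writePidFile(dir, 'daemon.pid'); } catch (e) { code = e.code; }
  const victimText = fs.readFileSync(victim, 'utf8');
  fs.unlinkSync(path.join(dir, 'daemon.pid')); // remove the planted link
  const pidText = fs.readFileSync(writePidFile(dir, 'daemon.pid'), 'utf8');
  fs.rmSync(dir, { recursive: true });
  return { code, victimText, pidText };
}

console.log(demoSymlinkBlocked());
```

The directory check is what closes the gap O_NOFOLLOW leaves open: the flag only protects the final path component, so the parent directory has to be one that other users cannot write to.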