fix(security): update Angular packages to address CVEs

- CVE-2025-66035: XSRF token leakage via protocol-relative URLs
- CVE-2025-66412: Stored XSS via SVG animation and MathML attributes
- CVE-2025-66414: DNS rebinding in @modelcontextprotocol/sdk

Updated @angular/* packages to 20.3.15 and @angular/cli to 20.3.13.

package.json

@@ -138,27 +138,27 @@
   },
   "devDependencies": {
     "@angular-builders/custom-webpack": "^20.0.0",
-    "@angular-devkit/build-angular": "^20.3.7",
+    "@angular-devkit/build-angular": "^20.3.13",
     "@angular-eslint/builder": "^20.5.0",
     "@angular-eslint/eslint-plugin": "^20.5.0",
     "@angular-eslint/eslint-plugin-template": "^20.5.0",
     "@angular-eslint/schematics": "^20.5.0",
     "@angular-eslint/template-parser": "^20.5.0",
-    "@angular/animations": "^20.3.7",
+    "@angular/animations": "^20.3.15",
     "@angular/cdk": "^20.2.10",
-    "@angular/cli": "^20.3.7",
-    "@angular/common": "^20.3.7",
-    "@angular/compiler": "^20.3.7",
-    "@angular/compiler-cli": "^20.3.7",
-    "@angular/core": "^20.3.7",
-    "@angular/forms": "^20.3.7",
-    "@angular/language-service": "^20.3.7",
+    "@angular/cli": "^20.3.13",
+    "@angular/common": "^20.3.15",
+    "@angular/compiler": "^20.3.15",
+    "@angular/compiler-cli": "^20.3.15",
+    "@angular/core": "^20.3.15",
+    "@angular/forms": "^20.3.15",
+    "@angular/language-service": "^20.3.15",
     "@angular/material": "^20.2.10",
-    "@angular/platform-browser": "^20.3.7",
-    "@angular/platform-browser-dynamic": "^20.3.7",
-    "@angular/platform-server": "^20.3.7",
-    "@angular/router": "^20.3.7",
-    "@angular/service-worker": "^20.3.7",
+    "@angular/platform-browser": "^20.3.15",
+    "@angular/platform-browser-dynamic": "^20.3.15",
+    "@angular/platform-server": "^20.3.15",
+    "@angular/router": "^20.3.15",
+    "@angular/service-worker": "^20.3.15",
     "@capacitor/android": "^7.4.4",
     "@capacitor/app": "^7.1.0",
     "@capacitor/cli": "^7.4.4",