feat(mcp): add OAuth PKCE token exchange (#1130)
## Description

Adds the Phase 1 MCP OAuth authorization-code flow with PKCE S256 on top of the metadata/DCR slice. `/authorize` validates registered public clients, exact redirect URIs, response type, PKCE method/challenge, and preserves `state` before issuing short-lived single-use codes. `/token` accepts form-encoded authorization-code grants, validates PKCE verifiers, code expiry/reuse, client, and redirect URI, then returns an opaque bearer token response.

This intentionally does not add upstream identity allowlisting or `/mcp` bearer enforcement; those remain follow-up slices.

## Type of Change

- [x] Feature (new functionality)
- [ ] Bug fix (fixes an issue)
- [ ] Documentation (docs-only change)
- [ ] Maintenance (refactor, chore, CI, etc.)
- [x] Testing (test-only changes)

## Testing

- [x] Relevant checks pass locally (`pnpm run tsc`, `pnpm run lint`, `pnpm run test`)
- [x] Added/updated tests for changes
- [x] Manually verified changes work as expected

Validation run locally:

- `pnpm run tsc && pnpm run lint && pnpm exec vitest run packages/mcp-server/src/oauth.test.ts packages/mcp-server/src/http.test.ts`
- `pnpm run test`
- CodeReviewer review + re-review: no remaining blockers
- Snyk Code scan on `packages/mcp-server/src` (remaining HTTP finding is expected for local raw HTTP transport)

## Checklist

- [x] Code follows project style (`pnpm run lint` passes for touched files)
- [x] Self-review completed
- [x] Documentation updated (if needed)
- [x] No new warnings introduced
Adam Kunicki committed
010a51182db920c331f18f1e019a202e54020277
Parent: 229534a
Committed by GitHub <noreply@github.com>
on 5/23/2026, 2:40:27 AM
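The checks the description attributes to `/authorize` and `/token` (S256 challenge derivation, verifier validation, code expiry and single use, binding to client and redirect URI), as an added TypeScript example that is not the project's own code. `computeChallenge`, `verifyPkce` and `AuthCodeStore` are hypothetical names; the 60-second code lifetime is an assumption.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "node:crypto";

// RFC 7636 S256: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
export function computeChallenge(verifier: string): string {
  return createHash("sha256").update(verifier, "ascii").digest("base64url");
}

// Recompute the challenge from the presented verifier and compare it in
// constant time with the challenge stored at /authorize time.
export function verifyPkce(verifier: string, storedChallenge: string): boolean {
  // RFC 7636 limits the verifier to 43..128 unreserved characters.
  if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(verifier)) return false;
  const a = Buffer.from(computeChallenge(verifier));
  const b = Buffer.from(storedChallenge);
  return a.length === b.length && timingSafeEqual(a, b);
}

interface AuthCode { clientId: string; redirectUri: string; challenge: string; expiresAt: number; used: boolean }

// Short-lived, single-use authorization codes bound to client, redirect URI
// and PKCE challenge. `now` is injectable so expiry can be tested (assumed API).
export class AuthCodeStore {
  private codes = new Map<string, AuthCode>();
  private ttlMs: number;
  private now: () => number;
  constructor(ttlMs = 60_000, now: () => number = Date.now) {
    this.ttlMs = ttlMs;
    this.now = now;
  }

  issue(clientId: string, redirectUri: string, challenge: string): string {
    const code = randomBytes(32).toString("base64url");
    this.codes.set(code, { clientId, redirectUri, challenge, expiresAt: this.now() + this.ttlMs, used: false });
    return code;
  }

  // The code is consumed on its first presentation whether or not the grant
  // succeeds, so a mismatched verifier cannot be retried against the same
  // code and a replayed code is rejected outright.
  redeem(code: string, clientId: string, redirectUri: string, verifier: string): boolean {
    const entry = this.codes.get(code);
    if (!entry || entry.used) return false;
    entry.used = true;
    if (this.now() > entry.expiresAt) return false;
    if (entry.clientId !== clientId || entry.redirectUri !== redirectUri) return false;
    return verifyPkce(verifier, entry.challenge);
  }
}
```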