fix(mcp): persist OAuth state across restarts (#1212)

## Description
Persist MCP OAuth state so Claude can refresh codemem MCP auth across process restarts and package upgrades instead of silently losing tools.

This adds a JSON-backed OAuth state store for dynamic client registrations, access-token hashes, and refresh-token grants/hash history, and wires the HTTP server to use it by default. Tests cover client and refresh continuity after recreating the store/server.

## Type of Change

- [ ] 🚀 Feature (new functionality)
- [x] 🐛 Bug fix (fixes an issue)
- [ ] 📚 Documentation (docs-only change)
- [ ] 🔧 Maintenance (refactor, chore, CI, etc.)
- [ ] 🧪 Testing (test-only changes)

## Testing

- [x] Relevant checks pass locally (`pnpm run tsc`, `pnpm run lint`, `pnpm run test`)
- [x] Added/updated tests for changes
- [ ] Manually verified changes work as expected

Local checks run:

- `pnpm exec vitest run packages/mcp-server/src/provider.test.ts packages/mcp-server/src/http.test.ts`
- `pnpm run tsc`
- `pnpm run lint`

## Checklist

- [x] Code follows project style (`pnpm run lint` passes for touched files)
- [x] Self-review completed
- [x] Documentation updated (if needed)
- [x] No new warnings introduced