mcp: add bearer and OAuth2 authentication support to $mcp client

[nmaguiar]

Motivation

• Enable authenticated connections for remote/http MCP servers by supporting static bearer tokens and OAuth2 flows so MCP clients can call protected endpoints.
• Provide a flexible auth configuration that supports client credentials, authorization code flows, token refresh, and optional browser-based authorization.

Description

• Added aOptions.auth parsing and defaults to $mcp and extended the odoc header with usage examples for bearer and OAuth2 configurations.
• Implemented internal auth state and helpers: _auth, _urlEnc, _openAuthBrowser, _getAuthorizationCode, and _getAuthHeaders to obtain and refresh access tokens (including refresh token handling and authorization_code flow support with optional browser launch and paste prompt).
• Introduced _execWithAuth wrapper that injects Authorization headers into REST calls for remote/http types and delegates to the underlying JSON-RPC client, and replaced direct _jsonrpc.exec calls with _execWithAuth in initialize, notifications, listTools, callTool, listPrompts, getPrompt, listAgents, getAgent, sendToAgent, exec, and the initialized notification path.
• Merged auth headers into execOptions.restOptions.requestHeaders when present and added handling of auth.tokenType, refreshWindowMs, extraParams, and other OAuth2 options.

Testing

• No automated tests were added or executed as part of this change; please run the repository test suite and integration tests against an MCP server requiring authentication to validate OAuth2 and bearer flows.