@microcosem
Owner

Introduces a basic model for a more secure MCP, as an experiment.

@jfrantz-cw

Okay, first off, I LOVE your documentation! It is very concise and to the point, but I can like, feel what you are trying to convey. Quite awesome.

Let's talk overall about what you're proposing: basically, you want message level security, to the point where you're effectively leveraging envelope encryption on a per message basis. I see a few problems right away, so let's start there:

  • This increases the complexity of the protocol quite a bit. It might overwhelm smaller implementations, and be confusing to new folks to the protocol. However, the mitigation there is providing reference implementations, or libraries for common languages to both ease and increase adoption.
  • I would be interested to see what kind of performance implications this has. Per-message crypto operations could impact applications where low-latency is a requirement. I would add performance benchmarks and guidance on when to use different security "levels".
  • Key management gets complex very quickly, and I think you're making some assumptions about key distribution/PKI existing in the doc, but don't specify how it's going to work.
  • "Capability tokens" seem like they would be added complexity as well, and possibly creating bottlenecks. I would definitely like to see some guidance on how this is supposed to be achieved (through caching, whatever).
  • maxReplayWindowSeconds is always a fun one, especially with distributed systems and clock skew! I would just put some guidance on handling edge cases for clock sync.

You can consider also adding preset security levels or something, to reduce the overhead and complexity. You could also build the tooling necessary to validate security envelopes, test vectors for implementers, and token generators/validators.
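Added example, not part of the pull request or of either participant's comments: one way a receiver could enforce `maxReplayWindowSeconds` while tolerating bounded clock skew, with a nonce cache sized by the same window. The names `ReplayGuard`, `max_clock_skew_seconds`, `sender_id`, `nonce` and `timestamp` are assumptions for illustration; the PR's actual envelope fields are not shown on this page.

```python
import time

ACCEPT, FUTURE, STALE, REPLAY = "accept", "reject-future", "reject-stale", "reject-replay"

class ReplayGuard:
    """Accept each (sender, nonce) once, and only inside the replay window.

    Assumes timestamp and nonce are covered by the envelope's integrity
    check, and that this runs after that check has passed.
    """

    def __init__(self, max_replay_window_seconds, max_clock_skew_seconds, clock=time.time):
        self.window = max_replay_window_seconds
        self.skew = max_clock_skew_seconds
        self.clock = clock
        self.seen = {}  # (sender_id, nonce) -> last instant the message is still acceptable

    def check(self, sender_id, nonce, timestamp):
        now = self.clock()
        # Forget nonces whose messages can no longer pass the age check below,
        # so the cache is bounded by window + skew rather than growing forever.
        self.seen = {k: exp for k, exp in self.seen.items() if exp >= now}
        if timestamp - now > self.skew:
            return FUTURE  # sender clock is further ahead than the tolerated skew
        if now - timestamp > self.window + self.skew:
            return STALE   # too old even if the sender clock runs behind
        key = (sender_id, nonce)
        if key in self.seen:
            return REPLAY
        self.seen[key] = timestamp + self.window + self.skew
        return ACCEPT

def demo():
    """Constructed sequence: 30 s window, 5 s skew tolerance, fake receiver clock."""
    now = [1000.0]
    guard = ReplayGuard(30, 5, clock=lambda: now[0])
    results = [
        guard.check("client-a", "n1", 1000.0),  # fresh message
        guard.check("client-a", "n1", 1000.0),  # same nonce again
        guard.check("client-a", "n2", 1003.0),  # sender clock 3 s ahead: tolerated
        guard.check("client-a", "n3", 1010.0),  # sender clock 10 s ahead: too far
    ]
    now[0] = 1036.0                             # n1's cache entry has expired by now
    results.append(guard.check("client-a", "n1", 1000.0))  # 36 s old: stale, not replayable
    results.append(guard.check("client-a", "n4", 1002.0))  # 34 s old: within 30 + 5
    return results

if __name__ == "__main__":
    print(demo())
```

The cache entry outlives the message by exactly `window + skew`, so a captured message is rejected as a replay while it is fresh and as stale afterwards; there is no gap between the two checks.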

@microcosem
Owner Author

This is AWESOME @jfrantz-cw, thank you so much! It's nice to get a learned perspective on this 😁 provides some great learning points for me!
