feat(mcp): add Boruta-authenticated server

Summary

• Add a Boruta-backed OAuth authorization-code flow for MCP clients, including dynamic client registration and token issuance endpoints.
• Expose MCP discovery metadata and protected-resource metadata under /.well-known.
• Forward /mcp to an EMCP streamable HTTP server protected by Boruta bearer tokens with the mcp scope, with an initial authenticated whoami tool.
• Add Boruta schema migrations, the mcp OAuth scope, runtime issuer configuration, and tests for discovery, registration, MCP auth challenge, and login return handling.

Testing

• mix compile --warnings-as-errors
• mix test
• mix credo

No GitHub comments yet.