Implement SEP-835: Enhanced Authorization Flows

[felixweinberger]

This is a tracking issue for implementation of SEP-835.

Summary

This SEP significantly enhances the authorization capabilities of MCP by introducing incremental scope consent via the WWW-Authenticate header mechanism and adds support for OpenID Connect Discovery 1.0. The Rust SDK needs to implement progressive authorization flows that request additional scopes as needed during a session, support for WWW-Authenticate challenge-response patterns, and OIDC discovery endpoints to enable more granular permission management while maintaining the principle of least privilege.

Related Issues & PRs

• Implementation PRs: n/a
• Related PRs: n/a
• Related Issues: n/a

[tanish111]

@fizy069 try this

[fizy069]

@felixweinberger @alexhancock I've addressed this in #595 - could you please have a look?