fix: add OpenID Connect discovery support per spec-2025-11-25 4.3

[tanish111]

Motivation and Context

Previously, discovery only tried OAuth 2.0 Authorization Server Metadata endpoints.
Now follows the spec-mandated priority order (​Version 2025-11-25 Section 4.3 Authorization Server Metadata Discovery):

• For URLs with path components: OAuth with path insertion → OpenID Connect with path insertion → OpenID Connect with path appending
• For URLs without path components: OAuth → OpenID Connect
  This ensures interoperability with both OAuth 2.0 and OpenID Connect Discovery 1.0 specifications.

How Has This Been Tested?

Added unit tests for discovery URL generation covering root URLs, single/multiple path segments, and trailing slashes. All existing tests pass;

Breaking Changes

No

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation update

Checklist

• I have read the MCP Documentation
• My code follows the repository's style guidelines
• New and existing tests pass locally
• I have added appropriate error handling
• I have added or updated documentation as needed

Additional context

#597
Typescript Implementation

[tanish111]

@alexhancock @jokemanfire I identified a minor violation in the metadata discovery priority order and implemented a fix.
Requesting you to review it.

[tanish111]

This will also be required to add full support for OpenID Connect and to implement SEP-990.

[tanish111]

@alexhancock @jokemanfire I identified a minor violation in the metadata discovery priority order and implemented a fix. Requesting you to review it.

Follow up.

[alexhancock]

@tanish111 Thanks. Sorry for the delay in review

[tanish111]

@alexhancock thanks for looking at it.
Also I want to explore the codebase and find such issues so would not be committing for next 2 weeks atleast.