Include AuthInfo from Bearer Validation in Server Request Handler

[allenzhou101]

Includes the req.auth AuthInfo that's set by the MCP Server bearer auth middleware in the server request handler via SSE Transport, allowing for distinguishing of users in requests (eg. tool use).

Motivation and Context

When an MCP Server makes a tool call it may need to validate that a particular user has the authorization necessary to access a particular resource. For instance, the MCP Client could give any email it would like to the MCP Server, say to fetch audit logs of a project, but the Server should verify that the user has access to that particular project, which has to happen at the tool call level in the server.

This PR allows the developer to access the auth info not only in the initial /sse or /message route handlers but in the server request handler (eg. tool call) itself.

How Has This Been Tested?

Running an authenticated MCP Client session with a Server and validating that the extra param appears in the tool call with auth info.

Breaking Changes

None.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation update

Checklist

• I have read the MCP Documentation
• My code follows the repository's style guidelines
• New and existing tests pass locally
• I have added appropriate error handling
• I have added or updated documentation as needed

Additional context

This allows for simpler access of auth data than simply including the session id in the transport since you'd have to handle mapping in that case: #158