[codex] Harden MCP release readiness

[senseibelbi]

Summary

This PR hardens the MCP server for release readiness by addressing the packaging, auth, protocol, schema-validation, and operational findings from the audit.

What changed

• Package runtime contract schemas, portable schemas, model cards, and applicability-domain definitions under epacomp_tox.data, with runtime loading through importlib.resources.
• Add OAuth/OIDC bearer-token validation for HTTP and WebSocket transports, OAuth protected-resource metadata endpoints, and WWW-Authenticate challenges.
• Scrub raw authentication from sessions, tool metadata, audit-facing context, and streamed events; only safe auth summaries are exposed.
• Advertise MCP protocol 2025-11-25 as primary while preserving older supported versions.
• Add read-only/non-destructive/open-world tool annotations centrally.
• Validate inputs with full JSON Schema semantics before execution and validate final structuredContent against output schemas after metadata attachment.
• Add process-local per-subject/IP tool-call rate limiting and metrics auth controls.
• Replace raw internal exception details in client responses with generic errors and correlation IDs where available.
• Harden AuditBundleStore path handling and atomic writes.
• Document new auth, metrics, and rate-limit settings.

Validation

• python -m pytest -q -> 220 passed
• python -m black --check src tests
• python -m isort --check-only src tests
• python scripts/validate_metadata.py
• scripts/build_docs.sh

Notes

The pre-existing local src/epacomp_tox/resources/chemical.py modification and untracked uv.lock were intentionally left out of this commit.