shams858
Contributor

Summary

Virtual MCP-server invocations sent to /servers/<uuid>/mcp returned 401 Unauthorized even when:

  • MCP_CLIENT_AUTH_ENABLED=false
  • TRUST_PROXY_AUTH=true
  • proxy forwarded header (X-Authenticated-User) was present.

This PR restores the behaviour promised by #710 and documented in docs/deployment/proxy-auth.md.

What changed

  1. streamablehttp_transport.py
    • Refactored streamable_http_auth()
      • Accepts the proxy header when client auth is disabled and proxy trust is enabled.
      • Falls back to JWT validation when client auth is enabled.
    • Removed the unconditional 401 when the Authorization header is missing.

How to test

export MCP_CLIENT_AUTH_ENABLED=false
export TRUST_PROXY_AUTH=true
export PROXY_USER_HEADER=X-Authenticated-User  # must match the header sent by curl below
uvicorn mcpgateway.main:app --reload  # or make dev

curl -X POST http://localhost:4444/servers/${SERVER_ID}/mcp \
     -H 'Content-Type: application/json' \
     -H 'X-Authenticated-User: alice' \
     -d '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}'
# → 200 OK

shams858 requested a review from crivetimihai as a code owner on August 27, 2025, 11:03
Signed-off-by: Shamsul Arefin <[email protected]>
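
The decision order described in "What changed", as an added example for reviewers; it is not the code from streamablehttp_transport.py. The function names, the constructed secret and the stdlib HS256 verifier standing in for the gateway's JWT validation are assumptions, as is the choice to require a JWT for every flag combination other than "client auth disabled and proxy trust enabled".

```python
# Added illustration of the decision order described in this PR; it is not the
# code from streamablehttp_transport.py. Names and the secret are constructed.
import base64, hashlib, hmac, json, time
from typing import Mapping, Optional

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims: dict, secret: bytes) -> str:
    """Build a constructed HS256 token for the demo and tests."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def verify_hs256(token: str, secret: bytes) -> Optional[str]:
    """Return 'sub' of a valid, unexpired HS256 token, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return None  # refuse "none" and any unexpected algorithm
        good = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, b64url_decode(sig)):
            return None
        claims = json.loads(b64url_decode(body))
        return claims.get("sub") if claims.get("exp", 0) > time.time() else None
    except (ValueError, TypeError, AttributeError):
        return None

def resolve_user(headers: Mapping[str, str], *, client_auth_enabled: bool,
                 trust_proxy_auth: bool, secret: bytes,
                 proxy_user_header: str = "X-Authenticated-User") -> Optional[str]:
    """Return the caller's identity, or None (the caller answers 401)."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    if not client_auth_enabled and trust_proxy_auth:
        # Identity comes only from the proxy; an empty value is not an identity.
        return h.get(proxy_user_header.lower(), "").strip() or None
    # Otherwise the proxy header is ignored, so a client cannot assert a user
    # by sending it. Assumption: every other flag combination requires a JWT.
    scheme, _, token = h.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer":
        return None
    return verify_hs256(token.strip(), secret)
```

The proxy-trust branch is only sound when the gateway is reachable solely through the proxy and the proxy overwrites any client-supplied copy of the user header.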