[PERFORMANCE]: Cache auth/crypto key material and derived objects #1831

@crivetimihai

Description

Summary

Auth and crypto helpers re-derive or re-read secrets on each call. Caching these values reduces CPU/I/O overhead in auth-heavy workloads.

Evidence (current code)

  • mcpgateway/utils/jwt_config_helper.py: get_jwt_public_key_or_secret and get_jwt_private_key_or_secret read key files from disk on every verify/create call.
  • mcpgateway/utils/services_auth.py: get_key() re-hashes the passphrase and constructs AESGCM for every encode/decode.
  • mcpgateway/services/resource_service.py / mcpgateway/services/tool_service.py: validate_signature and ssl.create_default_context are invoked inside per-request flows.

Impact

  • Extra CPU per authenticated request and extra file I/O for asymmetric JWT verification.
  • Unnecessary crypto object allocation for repeated operations.
  • CA signature checks and SSL context creation add CPU overhead in tool/resource invocations.

Proposed fix

  • Cache key material in memory and reload only when path or mtime changes.
  • Cache derived AESGCM and key bytes; invalidate if AUTH_ENCRYPTION_SECRET changes.
  • Cache CA validation results and SSL contexts per gateway (invalidate on cert change).

Acceptance criteria

  • Key files are not read per request in steady state.
  • AESGCM is reused across calls without changing behavior.
  • SSL contexts are reused until cert changes.
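
A sketch of the first proposed fix (cache key material, reload on path or mtime change), added here as an illustration; it is not code from the mcpgateway project. `KeyFileCache` and its `disk_reads` counter are hypothetical names. It widens the mtime check to include size and inode, and drops the cached key when the file disappears instead of serving it from memory.

```python
import os
import threading


class KeyFileCache:
    """Cache key-file bytes in memory; reload when the file behind a path changes."""

    def __init__(self):
        self._lock = threading.Lock()
        self._entries = {}   # absolute path -> (fingerprint, key bytes)
        self.disk_reads = 0  # counter used to check the steady-state criterion

    @staticmethod
    def _fingerprint(st):
        # mtime alone misses same-timestamp rewrites on coarse filesystems;
        # size and inode also catch rotation by atomic rename.
        return (st.st_mtime_ns, st.st_size, st.st_ino)

    def get(self, path):
        key = os.path.abspath(path)
        with self._lock:
            try:
                current = self._fingerprint(os.stat(key))
            except OSError:
                # Fail closed: a removed or unreadable key must not keep
                # being served from memory.
                self._entries.pop(key, None)
                raise
            cached = self._entries.get(key)
            if cached is not None and cached[0] == current:
                return cached[1]  # steady state: one stat(), no read
            with open(key, "rb") as fh:
                # Fingerprint the handle actually read, so the stored
                # metadata describes the bytes that are cached.
                loaded = self._fingerprint(os.fstat(fh.fileno()))
                data = fh.read()
            self.disk_reads += 1
            self._entries[key] = (loaded, data)
            return data
```

Steady-state calls still cost one `stat()` per lookup, which is what lets a rotated or revoked key take effect on the next request without a restart.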

Labels: performance (Performance related items), python (Python / backend development (FastAPI))