[FEATURE][AUTH]: Use team scope from session token claims instead of DB resolution

[KKNithin]

🧭 Type of Feature

Please select the most appropriate category:

• Enhancement to existing functionality
• New feature or capability
• New MCP-compliant server
• New component or integration
• Developer tooling or test improvement
• Packaging, automation and deployment (ex: pypi, docker, quay.io, kubernetes, terraform)
• Other (please describe below)

🧭 Epic

Title: Enable team scope in session tokens
Goal: When teams are provided in the claims of a session token use them instead of resolving teams from db
Why now: This benefits users who don't want to generate team tokens but want to use the same behaviour with session tokens

---

🙋♂️ User Story 1

As a: User part of multiple teams e.g: team1, team2
I want: use a session token with teams=[team1]
So that: I can query resources scoped to team1 only

✅ Acceptance Criteria

Validate this doesn't affect the usual flow when teams are not provided in claims.

---

🔗 MCP Standards Check

• Change adheres to current MCP specifications
• No breaking changes to existing MCP-compliant integrations
• If deviations exist, please describe them below:

[crivetimihai]

Thanks @KKNithin. The current code in auth.py:1160 already caches session token teams when present, but the initial resolution path via normalize_token_teams() may not fully honour teams claims for session tokens the way it does for JWT tokens. This needs a closer look at the session token flow to ensure teams in claims takes precedence over DB resolution. Targeting 1.1.0.