Add annotation cache for tools/list to tools/call flow

[JAORMX]

Summary

• In regular ToolHive, tool annotations (readOnlyHint, destructiveHint, etc.) are visible in tools/list responses but lost by the time tools/call arrives as a separate HTTP request. This adds an in-memory annotation cache that bridges the two operations, enabling Cedar/HTTP PDP policies to reference annotations during tools/call authorization.
• Builds on Add tool annotation context for Cedar/HTTP authz #4102 which added the annotation context plumbing and authorizer integration.

Type of change

• New feature

Test plan

• Unit tests (task test)
• Linting (task lint-fix)

Changes

File	Change
pkg/authz/annotation_cache.go	New: AnnotationCache with concurrent-safe Get/Set/SetFromToolsList, nil-safe on nil receiver
pkg/authz/annotation_cache_test.go	New: Round-trip, bulk populate, nil safety, concurrent access tests
pkg/authz/response_filter.go	Modified: ResponseFilteringWriter gains annotationCache field; filterToolsResponse populates cache from parsed tool list
pkg/authz/middleware.go	Modified: Middleware closure creates per-proxy cache; tools/call looks up annotations and injects via WithToolAnnotations
pkg/authz/response_filter_test.go	Modified: Updated NewResponseFilteringWriter call sites for new parameter

Does this introduce a user-facing change?

No — internal plumbing. Users benefit when Cedar policies reference tool annotations (e.g. resource.readOnlyHint == true), which now work for tools/call after a tools/list has populated the cache.

Special notes for reviewers

• One cache per proxy: Created in the Middleware closure, so each MCP server proxy has its own cache. Tool names are scoped to a single server, so this is correct.
• Graceful degradation: If tools/call arrives before any tools/list, Get returns nil and no annotations are injected — same behavior as before PR 1.
• Nil-safe receiver: All AnnotationCache methods handle nil receiver, so existing code passing nil to NewResponseFilteringWriter works unchanged.
• Cache populated before filtering: SetFromToolsList runs before the authorization loop, so annotations for all tools (including ones that will be filtered out) are cached.

Generated with Claude Code

[codecov]

Codecov Report

❌ Patch coverage is 94.23077% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 68.83%. Comparing base (cf8b6fa) to head (3e16e84).
⚠️ Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/authz/middleware.go	50.00%	2 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4114      +/-   ##
==========================================
- Coverage   68.84%   68.83%   -0.02%     
==========================================
  Files         458      459       +1     
  Lines       46274    46319      +45     
==========================================
+ Hits        31859    31884      +25     
- Misses      11953    11975      +22     
+ Partials     2462     2460       -2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[JAORMX]

Thanks for the review! Replied inline.

[jhrozek]

lgtm, two questions inline, not acking because Alejandro had another comment

[aponcedeleonch]

lgtm, Jakub had a comment about pagination that could be potentially worth looking into (?) as he mentioned, I don't know how real-world issue pagination is