protect against attacks from MCP server URLs

[jba]

https://verialabs.com/blog/from-mcp-to-shell documents some attacks that arise from trusting the authentication URLs served by MCP servers.
We should fix this along the lines of modelcontextprotocol/typescript-sdk#877, by preventing certain URL schemes.

[jba]

#539 addresses PRM, but we should also address auth server metadata and DCR as well, following modelcontextprotocol/typescript-sdk#877.

[samthanawalla]

We can accept a PR from the community on this one.