Add MCP server endpoint at /mcp with JWT auth

[zer0stars]

Summary

Adds an MCP (Model Context Protocol) endpoint at /mcp so LLM-based agents can discover and query the telemetry API via the standard MCP Streamable HTTP transport, with full JWT authentication.

What's new

• /mcp endpoint — Serves MCP tools backed by the existing GraphQL API. Executes queries internally (no network hop).
• JWT auth on MCP — The MCP handler is wrapped with the same auth middleware chain as /query: PanicRecovery → Logger → RequestTimeout → CheckJWT → AddClaimHandler. JWT claims flow through to gqlgen directives (@requiresVehicleToken, @requiresAllOfPrivileges) via context propagation.
• @mcpTool directive — Annotates commonly used queries for typed shortcut tools.

Security model

MCP HTTP Request (Authorization: Bearer <jwt>)
  → PanicRecoveryMiddleware
    → LoggerMiddleware
      → RequestTimeout
        → CheckJWT (validates JWT, injects claims into ctx)
          → AddClaimHandler (creates TelemetryClaim in ctx)
            → MCP Handler
              → internal httptest execution preserves ctx
                → gqlgen directives check claims as usual

The @requiresVehicleToken and @requiresAllOfPrivileges directives enforce access control identically to the /query endpoint.

MCP tools exposed

Tool	Description
telemetry_get_schema	Returns the GraphQL schema via introspection
telemetry_query	Executes arbitrary GraphQL queries
telemetry_get_latest_signals	Get most recent signal values for a vehicle
telemetry_get_available_signals	List queryable signal names for a vehicle
telemetry_get_daily_activity	Get per-day driving activity summaries

Dependencies

• Requires server-garage#25 (pkg/mcpserver + cmd/mcpgen)
• Uses go mod replace for local development — will be updated to a tagged version after server-garage is merged

Files changed

• schema/mcp.graphqls — @mcpTool directive definition
• schema/base.graphqls — @mcpTool on signalsLatest and availableSignals
• schema/segments.graphqls — @mcpTool on dailyActivity
• internal/graph/mcp_tools_gen.go — Generated tool definitions (via mcpgen)
• internal/graph/resolver.go — Added //go:generate mcpgen directive
• gqlgen.yml — mcpTool: skip_runtime: true
• internal/app/app.go — Create MCP handler with auth middleware, add MCPHandler to App struct
• cmd/telemetry-api/main.go — Mount MCP handler at /mcp

Test plan

• Builds cleanly
• Existing tests unaffected
• Smoke test /mcp endpoint with valid JWT
• Verify auth rejection without JWT
• Verify telemetry_get_latest_signals returns signal data for authorized vehicle