Fix Kubernetes CRD field structures for OIDC and authz config

Update all MCPServer YAML examples to use correct CRD field structure:

1. External IdP authentication:
   - Change spec.auth.oidc → spec.oidcConfig
   - Add required type: inline field
   - Nest configuration under inline: key

2. Kubernetes service account authentication:
   - Change spec.auth.oidc → spec.oidcConfig
   - Use type: kubernetes instead of inline
   - Replace clientId with serviceAccount and namespace fields

3. Authorization configuration:
   - Change spec.auth.authorization → spec.authzConfig
   - Add required type: configMap field
   - Update field names: configMapName → name, configMapKey → key

These changes align with the actual ToolHive CRD definitions in
toolhive/cmd/thv-operator/api/v1alpha1/mcpserver_types.go

Author: jhrozek

docs/toolhive/guides-k8s/auth-k8s.mdx

@@ -77,12 +77,13 @@ spec:
     type: builtin
     name: network
   # Authentication configuration for external IdP
-  auth:
-    oidc:
-      audience: '<your-audience>'
-      clientId: '<your-client-id>'
-      issuer: '<https://your-oidc-issuer.com>'
-      jwksUrl: '<https://your-oidc-issuer.com/path/to/jwks>'
+  oidcConfig:
+    type: inline
+    inline:
+      issuer: 'https://your-oidc-issuer.com'
+      audience: 'your-audience'
+      clientId: 'your-client-id'
+      jwksUrl: 'https://your-oidc-issuer.com/path/to/jwks'
   resources:
     limits:
       cpu: '100m'
@@ -161,10 +162,12 @@ spec:
     type: builtin
     name: network
   # Authentication configuration for Kubernetes service accounts
-  auth:
-    oidc:
+  oidcConfig:
+    type: kubernetes
+    kubernetes:
+      serviceAccount: 'mcp-client'
+      namespace: 'client-apps'
       audience: 'toolhive'
-      clientId: 'mcp-client.client-apps.svc.cluster.local'
       issuer: 'https://kubernetes.default.svc'
       jwksUrl: 'https://kubernetes.default.svc/openid/v1/jwks'
   resources:
@@ -277,16 +280,20 @@ spec:
     type: builtin
     name: network
   # Authentication configuration
-  auth:
-    oidc:
+  oidcConfig:
+    type: kubernetes
+    kubernetes:
+      serviceAccount: 'mcp-client'
+      namespace: 'client-apps'
       audience: 'toolhive'
-      clientId: 'mcp-client.client-apps.svc.cluster.local'
       issuer: 'https://kubernetes.default.svc'
       jwksUrl: 'https://kubernetes.default.svc/openid/v1/jwks'
-    # Authorization configuration
-    authorization:
-      configMapName: authz-config
-      configMapKey: authz-config.json
+  # Authorization configuration
+  authzConfig:
+    type: configMap
+    configMap:
+      name: authz-config
+      key: authz-config.json
   resources:
     limits:
       cpu: '100m'