feat(mcp): framework-native permission scoping with #[mcp(...)] + ToolPolicy + x-mcp OpenAPI

[Tuntii]

Summary

Implements proper framework-level permission scoping for MCP tools as requested in recent feedback.

• Introduces McpOperation struct + x-mcp OpenAPI extension for rich metadata.
• Adds #[rustapi_rs::mcp(skip)], #[mcp(write, require="confirm")], #[mcp(readonly)] support in route macros.
• ToolPolicy::ReadOnly is now the safe default (only GET etc. exposed unless opted in).
• Automatic classification of read vs write based on HTTP method.
• Permission and requiresConfirmation metadata included in tools/list responses so agents know the blast radius.
• Updated discovery logic, Route/Operation builders, e2e tests, examples, and extensive Cookbook documentation.

Motivation

Auto-exposing every endpoint (including destructive ones) has real blast radius for AI agents. Permission scoping must be native to the framework, not bolted on later.

Changes

• rustapi-openapi: McpOperation + x-mcp
• rustapi-macros: parsing for #[mcp(...)]
• rustapi-core: .mcp() on Route
• rustapi-mcp: ToolPolicy, filtering in discovery, metadata in responses
• Docs + 05-mcp-server example updated with more ReadOnly examples.

Testing

• Local cargo check passes for affected crates.
• Will monitor GitHub Actions.

Feedback welcome on the API design (e.g. more granular Custom policy later).