v0.4.0 — HTTP MCP transport + auth

[marmar9615-cloud]

Tracking issue for the next release line: an opt-in Streamable
HTTP transport for the AgentBridge MCP server, with authentication,
Origin validation, and a loopback default. stdio remains the default
transport for local desktop clients.

Full body, deliverables, security requirements, and acceptance
criteria are checked into the repo at
docs/issues/v0.4.0-http-transport-auth.md
so design docs and PRs can cross-reference a stable path even if
this issue is renumbered.

Quick links

• Design doc: docs/designs/http-mcp-transport-auth.md (this PR).
• ADR: docs/adr/0001-http-mcp-transport.md (this PR).
• v1 readiness criterion: #8 in docs/v1-readiness.md.
• Threat model future-HTTP section: T14 in docs/threat-model.md.

Goal

Add an opt-in Streamable HTTP MCP transport while preserving stdio
as the default. Hosted/remote MCP clients need HTTP; local desktop
clients keep using stdio.

Security requirements (non-negotiable)

• Authentication required (no unauthenticated remote HTTP).
• Origin validation; reject unknown origins with HTTP 403.
• Loopback bind by default; public bind requires explicit opt-in.
• No query-string tokens; bearer token in `Authorization` header
  only.
• Audit events carry transport + caller metadata.
• Same confirmation gate, origin pinning, target-origin allowlist,
  idempotency, and audit redaction as the stdio path. No parallel
  safety code.

Initial deliverable (this PR)

• Design doc + ADR + cross-doc updates. No runtime change.

Non-goals (this release)

• No full OAuth 2.1 server in the first implementation (static
  bearer token first; design accommodates OAuth later).
• No removal of stdio.
• No production-hosting claim.
• No real destructive demo actions.