Fix session swapping vulnerability: upgrade OAuth state parameter to MUST#1

Copilot wants to merge 2 commits intomainHitachi/modelcontextprotocol:mainfrom

copilot/review-authz-security-issuesHitachi/modelcontextprotocol:copilot/review-authz-security-issuesCopy head branch name to clipboard