Fix on streamable‑http auth drop on Azure

[AlesoGio]

Replaced all Mount(self.settings.streamable_http_path, …) registrations with Route(self.settings.streamable_http_path, endpoint=…, methods=["POST","GET","DELETE"]) to eliminate the automatic 307 redirect and ensure the Authorization header is preserved on public deployments.

Motivation and Context

During the 307 redirect from/mcp to /mcp/, many HTTP clients drop sensitive headers like Authorization when following external redirects. Locally, Uvicorn + HTTPX transparently reattach headers, so the bug only appeared when I distributed the server on Azure. Switching to Route removes the redirect entirely, preserving end‑to‑end authentication and restoring expected behavior of the streamable‑http transport.

How Has This Been Tested?

Local: verified with MCP Inspector that /mcp and /mcp/ calls succeed without dropping headers.

Azure: deployed to Azure App Service, exercised full OAuth flow and MCP Inspector connect; confirmed no 307 redirect and successful streamable‑http sessions.

Breaking Changes

None. This is a transparent change to route registration. Existing clients can continue calling /mcp or /mcp/ with no code or configuration updates.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation update

Checklist

• I have read the MCP Documentation
• My code follows the repository's style guidelines
• New and existing tests pass locally
• I have added appropriate error handling
• I have added or updated documentation as needed

Additional context

[ihrpr]

Thank you for your contribution!
We merged #1115, which should be solving the same problem. Please re-open this PR if you still have the same issue.