fix(client): preserve existing query params on OAuth authorization_endpoint

[Bartok9]

Summary

• The OAuth authorization-code grant now preserves any query parameters already present on the server-advertised authorization_endpoint instead of producing a malformed double-? URL.
• User-facing impact: clients can complete OAuth against servers whose authorization_endpoint carries query params (e.g. Salesforce's .../authorize?prompt=select_account).

Motivation

Closes #2776.

_perform_authorization_code_grant built the redirect URL with:

authorization_url = f"{auth_endpoint}?{urlencode(auth_params)}"

When the server's authorization_endpoint already has a query string, this yields an invalid URL with two ? separators. The reporter's real-world example:

• Salesforce advertises https://test.salesforce.com/services/oauth2/authorize?prompt=select_account
• The client then navigated to ...authorize?prompt=select_account?response_type=code&... — the second ? is invalid, so the existing prompt param is swallowed into the value and the request is rejected.

Root cause

Blind string concatenation of ? + encoded params, with no handling for a pre-existing query component on the endpoint.

Fix

New _build_authorization_url(auth_endpoint, auth_params) helper:

• urlparse the endpoint, merge its existing query (parse_qsl) with the flow-generated auth_params, then urlunparse back into a single well-formed query string.
• Flow-generated params win on key conflicts (the client's response_type, state, PKCE challenge, etc. are authoritative).
• None-valued params are dropped rather than serialized as the literal string "None" (preserves prior effective behavior; keeps the signature type-correct as Mapping[str, str | None]).

Diff: 2 files, +103/-3.

Tests

Added TestAuthorizationEndpointWithQuery in tests/client/test_auth.py:

• test_build_authorization_url_no_existing_query — baseline, single ?.
• test_build_authorization_url_preserves_existing_query — the OAuth handler doesn't support redirect URLs with params #2776 Salesforce case; server prompt survives alongside flow params, exactly one ?.
• test_build_authorization_url_flow_params_win_on_conflict — precedence rule.
• test_perform_authorization_preserves_endpoint_query — end-to-end through _perform_authorization_code_grant, asserting the captured redirect URL is well-formed.

Verification

• uv run pytest tests/client/test_auth.py — 100 passed, 1 xfailed
• uv run pyright src/mcp/client/auth/oauth2.py — 0 errors
• uv run ruff format / ruff check — clean
• Did NOT change any unrelated behavior; flow param precedence and None handling preserve the previous effective output for endpoints without a query string.

[Bartok9]

CI note — rebased onto current main. The only remaining red cell (test (3.14, lowest-direct, …)) is a pre-existing, main-wide failure unrelated to this PR: tests/interaction/transports/test_stdio.py::test_tool_call_and_notification_round_trip… asserts byte-exact child stderr, but anyio==4.9 (the lowest-direct floor) has return inside a finally: in from_thread.py:119, which Python 3.14 emits as SyntaxWarning to stderr and pollutes the snapshot. This PR does not touch stdio or that test. Full root-cause + the 6 parallel fixes already in flight are consolidated in #2734 (comment). All other cells (incl. the previously-flaky termination test, now run in-process via #2767) are green.

[Bartok9]

Rebased onto latest upstream `main` to resolve the merge conflict (an import collision in `tests/client/test_auth.py` — kept both upstream's `OAuthTokenError` and this PR's `_build_authorization_url` import; `oauth2.py` auto-merged cleanly). The OAuth query-param fix is unchanged.

Local verification on the rebased branch:

• `uv run pytest tests/client/test_auth.py` — 136 passed, 1 xfailed (incl. the 4 new `TestAuthorizationEndpointWithQuery` cases)
• `uv run ruff check` / `ruff format --check` — clean
• `uv run pyright src/mcp/client/auth/oauth2.py` — 0 errors

PR now shows mergeable. Ready for review.