SEP-835: oauthex.GetAuthServerMeta should implement OpenID fallback

[jba]

It should follow the list of paths to try that is specified in https://github.com/modelcontextprotocol/modelcontextprotocol/blob/main/docs/specification/draft/basic/authorization.mdx?plain=1#L102-L111.

[samthanawalla]

~~I added #520 to implement the OpenID spec. I can close it if it's a duplicate of this unless this bug is for just the fallback logic.~~

Let me know if you would like help with this- happy to do it if you would like.

[findleyr]

From @wagnerjt: https://github.com/markbates/goth/tree/master

[wagnerjt]

From @wagnerjt: https://github.com/markbates/goth/tree/master

I wanted to add more context here. For this link ☝️ was to show generally how multiple authorization servers (providers) are different. Also for potential inspiration to make server auth pattern simpler by the exposing something like the Provider and Session interfaces.

Now for OpenID connect (OAuth 1.0), there is another well-known endpoint that must be used: https://{oauth-provider-hostname}/.well-known/openid-configuration. What I want to clarify here is that some auth servers have some additional appending or inserting around where this endpoint is at. For the full MCP reference, this PR does a good job that outlines those specifics.

Thankfully for the client implementation, the oauth2.Config and oauth2.Endpoint comes in pretty handy when actually requesting for a token.