feat: CIMD support check for authorization-server metadata (supersedes #235)

[pcarleton]

Supersedes #235 by @tnorimat. Original commit cherry-picked with authorship preserved (0c17d8f), rebased onto current main (post-#364), with the unrelated src/checks/client.ts change dropped and the version-gating reworked.

What this adds

A second check on the authorization-server-metadata-endpoint scenario that verifies the AS metadata advertises client_id_metadata_document_supported: true (Client ID Metadata Document support). Emits WARNING when absent or false — CIMD support is SHOULD in MCP 2025-11-25, not MUST.

Per-check spec-version gating

Rather than threading specVersion into run() and branching on === '2025-11-25', this introduces an optional ConformanceCheck.source field (same {introducedIn, removedIn} shape scenarios already use). The runner filters returned checks against --spec-version using the existing matchesSpecVersion comparator. Scenarios emit all their checks unconditionally; the runner decides which apply.

The CIMD check is tagged source: { introducedIn: '2025-11-25' }, so it's reported for --spec-version 2025-11-25 and draft, and dropped for earlier versions.

Changes vs #235

• src/checks/client.ts / checks.test.ts hunks dropped — out of scope (downgraded MUST-level initialization checks to WARNING)
• CIMD status FAILURE → WARNING (SHOULD-level requirement)
• Spec references use the existing SpecReferences.MCP_CLIENT_ID_METADATA_DOCUMENTS / IETF_CIMD constants
• Version gate via declarative check.source instead of a runtime specVersion === '2025-11-25' branch and the associated run() signature change

Closes #235. Closes #234.

[pkg-pr-new]

Open in StackBlitz

npx https://pkg.pr.new/@modelcontextprotocol/conformance@365

commit: c4323ae