feat(mcp) : add McpHeaderAuthenticator with rate limiting

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

config/packages/mcp.yaml

@@ -1,6 +1,6 @@
 mcp:
     app: 'inventory'
-    version: '%env(file:resolve:VERSION)%'
+    version: '1.0.0'
     description: 'Inventory MCP Server - Gestion inventaire industriel (machines, pièces, composants, produits)'
     instructions: |
         Serveur MCP pour gérer un inventaire industriel.

config/packages/security.yaml

@@ -27,6 +27,12 @@ security:
             pattern: ^/api/session/profiles?$
             security: false
 
+        mcp:
+            pattern: ^/_mcp
+            stateless: true
+            custom_authenticators:
+                - App\Mcp\Security\McpHeaderAuthenticator
+
         api:
             pattern: ^/api
             stateless: false
@@ -49,6 +55,7 @@ security:
         - { path: ^/api/admin, roles: ROLE_ADMIN }
         - { path: ^/api/docs, roles: PUBLIC_ACCESS }
         - { path: ^/api/health$, roles: PUBLIC_ACCESS }
+        - { path: ^/_mcp, roles: ROLE_USER }
         - { path: ^/docs, roles: PUBLIC_ACCESS }
         - { path: ^/contexts, roles: PUBLIC_ACCESS }
         - { path: ^/\.well-known, roles: PUBLIC_ACCESS }

config/services.yaml

@@ -34,6 +34,10 @@ services:
         tags:
             - { name: doctrine.event_subscriber }
 
+    App\Mcp\Security\McpHeaderAuthenticator:
+        arguments:
+            $mcpAuthLimiter: '@limiter.mcp_auth'
+
     App\OpenApi\OpenApiDecorator:
         decorates: 'api_platform.openapi.factory'
         arguments: