Incorporate comprehensive auth scenarios into Server Card spec

[tadasant]

@tobinsouth raised a number of auth-related shape concerns here: modelcontextprotocol/modelcontextprotocol#2742

We should incorporate those into the Server Card shape, to the extent where we agree they make sense.

I think we should:

1. Immediately do a quick pass to make sure nothing in the current draft is backwards incompatible with the concerns he's raised
2. Finalize the initial SEP with a limited shape, formalizing this extension
3. Then as a fast follow work to expand our shapes to fully support all of Tobin's scenarios

I'd rather do 2 before 3, so we don't introduce a whole lot of new fields into server.json as part of this Server Card formalization out of the gate. Better to propose and collect some community feedback before we lock them in.

[tadasant]

🤖 Drafted by Claude Code (an AI coding agent) on behalf of @tadasant.

Split out step 1 of the plan above — the "quick pass to make sure nothing in the current draft is backwards incompatible" with @tobinsouth's concerns — into its own tracking issue: #17.

This issue (#13) is blocked by #17. #17 is the gating, do-it-now forward-compatibility audit against SEP-2742; the full auth-scenario incorporation tracked here is the post-ratification fast-follow (steps 2–3).