fix: support "form_post" to be one of response modes in authorization server metadata validation

[ke-yu]

Add form_post to OAuthMetadta.response_modes_supported array.

Motivation and Context

"form_post" is one of valid values - RFC 8414 OAuth 2.0 Authorization Server Metadata

response_modes_supported
OPTIONAL. JSON array containing a list of the OAuth 2.0 "response_mode" values that this authorization server supports, as specified in "OAuth 2.0 Multiple Response Type Encoding Practices" [OAuth.Responses]. If omitted, the default is "["query", "fragment"]". The response mode value "form_post" is also defined in "OAuth 2.0 Form Post Response Mode" [OAuth.Post].

Currently if authorization server metadata endpoint returns response_mode_supported that contains form_post, the validation will fail:

validation error for OAuthMetadata
response_modes_supported.1
  Input should be 'query' or 'fragment' [type=literal_error, input_value='form_post', input_type=str]
    For further information visit https://errors.pydantic.dev/2.11/v/literal_error

How Has This Been Tested?

Tested locally, ensure authorize goes to the authorization server that passed to simple auth server.

Breaking Changes

No.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation update

Checklist

• I have read the MCP Documentation
• My code follows the repository's style guidelines
• New and existing tests pass locally
• I have added appropriate error handling
• I have added or updated documentation as needed

Additional context