fix: Replace MD5 with SHA-256 for secure token hashing

- Fix CodeQL security alert #1: weak cryptographic hashing
- Changed from MD5 to SHA-256 for hashing configuration tokens
- MD5 is vulnerable to collision attacks and shouldn't be used for sensitive data
- SHA-256 is a strong cryptographic hash function suitable for this use case

Author: Vijay Iyengar

src/mcp_gitlab/utils.py

@@ -311,7 +311,7 @@ def get_client(self, config: 'GitLabConfig') -> 'GitLabClient':
         # Generate a hash of the current configuration
         import hashlib
         config_str = f"{config.url}:{config.private_token or ''}:{config.oauth_token or ''}"
-        config_hash = hashlib.md5(config_str.encode()).hexdigest()
+        config_hash = hashlib.sha256(config_str.encode()).hexdigest()
 
         # Create new client if configuration changed or no client exists
         if self._client is None or self._config_hash != config_hash: