
Commit 6b860f4

sjvanrossum and Yuan325 authored
fix(sources/postgres): apply URL encoding to query string params (#3020)
## Description

Fixes a URL encoding issue in PostgreSQL connection strings. Keys and values of query parameter maps are currently not escaped during encoding, which could result in misconfiguration and poses a minor security risk if the specification of query parameter maps were to be restricted by the application or deployment tooling.

## PR Checklist

> Thank you for opening a Pull Request! Before submitting your PR, there are a
> few things you can do to make sure it goes smoothly:

- [x] Make sure you reviewed [CONTRIBUTING.md](https://github.com/googleapis/mcp-toolbox/blob/main/CONTRIBUTING.md)
- [ ] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/mcp-toolbox/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea
- [ ] Ensure the tests and linter pass
- [ ] Code coverage does not decrease (if any source code was changed)
- [ ] Appropriate docs were updated (if necessary)
- [ ] Make sure to add `!` if this involves a breaking change

🛠️ Fixes #<issue_number_goes_here>

---------

Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>
1 parent eb4036f commit 6b860f4
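
The effect the description refers to, as an added example that is not part of the commit or the project's code: it builds the query string both ways and checks whether parsing it back yields the configured map. The helper names `joinRaw`, `encodeEscaped` and `roundTrips` and the sample parameter are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"sort"
	"strings"
)

// joinRaw (hypothetical name) mirrors the pre-fix join: keys and values are not escaped.
func joinRaw(params map[string]string) string {
	parts := make([]string, 0, len(params))
	for k, v := range params {
		parts = append(parts, fmt.Sprintf("%s=%s", k, v))
	}
	sort.Strings(parts) // sorted only so this demo prints a stable result
	return strings.Join(parts, "&")
}

// encodeEscaped (hypothetical name) mirrors the post-fix code using url.Values.Encode.
func encodeEscaped(params map[string]string) string {
	values := make(url.Values, len(params))
	for k, v := range params {
		values.Set(k, v)
	}
	return values.Encode()
}

// roundTrips reports whether parsing rawQuery yields exactly the configured map.
func roundTrips(params map[string]string, rawQuery string) bool {
	parsed, err := url.ParseQuery(rawQuery)
	if err != nil || len(parsed) != len(params) {
		return false
	}
	for k, v := range params {
		if got := parsed[k]; len(got) != 1 || got[0] != v {
			return false
		}
	}
	return true
}

func main() {
	// Constructed sample: one configured parameter whose value contains '&' and '='.
	params := map[string]string{"application_name": "billing&etl=v2"}
	for _, q := range []string{joinRaw(params), encodeEscaped(params)} {
		fmt.Printf("%-40s round-trips: %v\n", q, roundTrips(params, q))
	}
}
```

With the unescaped join, the single configured parameter is parsed back as two separate parameters; with `url.Values.Encode` it is parsed back as one.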

1 file changed, +3 -4 lines changed


internal/sources/postgres/postgres.go

Lines changed: 3 additions & 4 deletions
@@ -18,7 +18,6 @@ import (
1818
"context"
1919
"fmt"
2020
"net/url"
21-
"strings"
2221

2322
"github.com/goccy/go-yaml"
2423
"github.com/googleapis/mcp-toolbox/internal/sources"
@@ -172,11 +171,11 @@ func initPostgresConnectionPool(ctx context.Context, tracer trace.Tracer, name,
172171
}
173172

174173
func ConvertParamMapToRawQuery(queryParams map[string]string) string {
175-
queryArray := []string{}
174+
values := make(url.Values, len(queryParams))
176175
for k, v := range queryParams {
177-
queryArray = append(queryArray, fmt.Sprintf("%s=%s", k, v))
176+
values.Set(k, v)
178177
}
179-
return strings.Join(queryArray, "&")
178+
return values.Encode()
180179
}
181180

182181
func ParseQueryExecMode(queryExecMode string) (pgx.QueryExecMode, error) {
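
Review bot: `values.Encode()` in `ConvertParamMapToRawQuery` now escapes every key and value, so any configuration that already carried pre-escaped values to work around the old `fmt.Sprintf("%s=%s", k, v)` join will be double-encoded (a literal `%20` becomes `%2520`). The exported function has no doc comment; adding one that states keys and values are taken as raw, unescaped strings would make that contract explicit, and the change may deserve a mention as a behavior change. The commit touches only this file, so a table test with a key or value containing `&`, `=` and a space would pin the fix. Since `Encode` sorts by key and writes spaces as `+`, the output is now deterministic, unlike the previous map-iteration order, which makes exact-string assertions in such a test practical.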
