Fix remaining CodeRabbit review issues for Keycloak provider

Address 3 additional code review comments from CodeRabbitAI:

- Fix markdownlint violations in keycloak/README.md:
  - Add bash language tag to docker-compose restart code block
  - Remove trailing whitespace
  - Add blank line after Python code fence for proper list continuation

- Guard against missing access token in server.py get_access_token_claims tool:
  - Check if token or token.claims is None before accessing claims
  - Raise RuntimeError with clear message instead of AttributeError
  - Provides better error handling for unauthenticated requests

- Preserve Authorization header when proxying client registration in keycloak.py:
  - Forward all incoming headers except Host to support authenticated DCR
  - Enables realms that require initial access tokens or bearer tokens
  - Avoids routing issues by excluding Host header
  - Ensures Content-Type is always application/json for modified body

These changes improve error handling, support authenticated Dynamic Client
Registration scenarios, and ensure documentation passes linting checks.

Author: stephaneberle9

examples/auth/keycloak_auth/keycloak/README.md

@@ -25,11 +25,11 @@ This script will:
 
 The Docker setup automatically imports a preconfigured realm configured for dynamic client registration. The default settings are described below and can be adjusted or complemented as needed by editing the [`realm-fastmcp.json`](realm-fastmcp.json) file before starting Keycloak. If settings are changed after Keycloak has been started, restart Keycloak with
 
-```
+```bash
 docker-compose restart
 ```
 
-to apply the changes. 
+to apply the changes.
 
 ### Realm: `fastmcp`
 
@@ -127,4 +127,5 @@ docker-compose logs -f keycloak
      # Or clear all OAuth cache data
      FileTokenStorage.clear_all()
      ```
+
    - After clearing the cache, run your client again to automatically re-register with Keycloak

examples/auth/keycloak_auth/server.py

@@ -51,6 +51,9 @@ def echo(message: str) -> str:
 async def get_access_token_claims() -> dict:
     """Get the authenticated user's access token claims."""
     token = get_access_token()
+    if token is None or token.claims is None:
+        raise RuntimeError("No valid access token found. Authentication required.")
+
     return {
         "sub": token.claims.get("sub"),
         "name": token.claims.get("name"),

src/fastmcp/server/auth/providers/keycloak.py

@@ -280,11 +280,19 @@ async def register_client_proxy(request):
                     logger.info(
                         f"Forwarding client registration to Keycloak: {self.oidc_config.registration_endpoint}"
                     )
+                    # Forward all headers except Host (to avoid routing issues)
+                    forward_headers = {
+                        key: value
+                        for key, value in request.headers.items()
+                        if key.lower() != "host"
+                    }
+                    # Ensure Content-Type is set correctly for our JSON body
+                    forward_headers["Content-Type"] = "application/json"
+
                     response = await client.post(
                         self.oidc_config.registration_endpoint,
                         content=body,
-                        # Set headers explicitly to avoid forwarding host/authorization that might conflict
-                        headers={"Content-Type": "application/json"},
+                        headers=forward_headers,
                     )
 
                     if response.status_code != 201: