[MCP] Fix the bearer token authorization header (#4846)

`http_config.auth_header` automatically added `Bearer `. By adding it
ourselves, we were sending `Bearer Bearer <token>`.

I confirmed that the GitHub MCP initialization 400s before and works
now.

I also optimized the oauth flow to not check the keyring if you
explicitly pass in a bearer token.

Author: gpeal

codex-rs/rmcp-client/src/rmcp_client.rs

@@ -120,14 +120,17 @@ impl RmcpClient {
         url: &str,
         bearer_token: Option<String>,
     ) -> Result<Self> {
-        let initial_tokens = match load_oauth_tokens(server_name, url) {
-            Ok(tokens) => tokens,
-            Err(err) => {
-                warn!("failed to read tokens for server `{server_name}`: {err}");
-                None
-            }
+        let initial_oauth_tokens = match bearer_token {
+            Some(_) => None,
+            None => match load_oauth_tokens(server_name, url) {
+                Ok(tokens) => tokens,
+                Err(err) => {
+                    warn!("failed to read tokens for server `{server_name}`: {err}");
+                    None
+                }
+            },
         };
-        let transport = if let Some(initial_tokens) = initial_tokens.clone() {
+        let transport = if let Some(initial_tokens) = initial_oauth_tokens.clone() {
             let (transport, oauth_persistor) =
                 create_oauth_transport_and_runtime(server_name, url, initial_tokens).await?;
             PendingTransport::StreamableHttpWithOAuth {
@@ -137,7 +140,7 @@ impl RmcpClient {
         } else {
             let mut http_config = StreamableHttpClientTransportConfig::with_uri(url.to_string());
             if let Some(bearer_token) = bearer_token {
-                http_config = http_config.auth_header(format!("Bearer {bearer_token}"));
+                http_config = http_config.auth_header(bearer_token);
             }
 
             let transport = StreamableHttpClientTransport::from_config(http_config);