Fix MCP API scope validation to allow multiple scopes

What does this MR do and why?

This MR extracts key changes from Implement MCP client that uses Gitlab MCP server (!206445 - merged) that are prerequisites for MCP client implementation:

  • Changes scope validation from exact match (==) to inclusion check (.include?)
  • Changes GET endpoint status from :not_implemented to :method_not_allowed per MCP protocol specification
  • Extends AI_WORKFLOW_SCOPES to contain mcp

Primary use case

We want to gradually migrate some/all of the tools usage from Duo Workflow Service to MCP Server tools:

  • A token is issued for Duo Workflow Service to communicate with Rails
  • Some of the tools are implemented in Duo Workflow Service (require ai_workflows scope), some of the tools will be potentially executed as GitLab MCP Server tools (require mcp scope)
  • We need both scopes to be included in the token to gradually migrate from DWS tools to MCP Server tools

Diagram

sequenceDiagram
    participant User
    participant Workhorse
    participant GitLabRails as GitLab Rails
    participant DuoWorkflowService as Duo Workflow Service

    %% Initial Setup Phase
    User->>Workhorse: Establish WebSocket connection
    Note over Workhorse,User: Bidirectional communication
    Workhorse->>GitLabRails: Auth request
    GitLabRails->>Workhorse: DWS and MCP server configurations
    Note over GitLabRails,Workhorse: Gitlab issues a token that gives access <br /> to both MCP Server and API endpoints <br /> necessary for DWS tools
    
    %% Service Connections
    Workhorse->>GitLabRails: Init session with MCP Server
    GitLabRails->>Workhorse: List of available tools
    Workhorse->>DuoWorkflowService: Establish gRPC connection
    Note over Workhorse,DuoWorkflowService: Bidirectional communication
    
    %% Tool Execution Flow
    User->>Workhorse: Input that may require MCP tool call
    Workhorse->>DuoWorkflowService: Propagate message
    DuoWorkflowService->>Workhorse: RunMCPTool action
    Workhorse->>GitLabRails: Handle action and call MCP tool
    GitLabRails->>Workhorse: Response
    Workhorse->>DuoWorkflowService: Send MCP tool response
    DuoWorkflowService->>Workhorse: Run a tool that calls API endpoint
    Workhorse->>GitLabRails: Call API endpoint
    GitLabRails->>Workhorse: Response
    Workhorse->>DuoWorkflowService: Send API tool response
    DuoWorkflowService->>Workhorse: Agent response
    Workhorse->>User: Agent response

How to test

  1. Basic Agentic Chat and Duo Agent Platform functionality works as expected
  2. Basic MCP Server functionality works as expected (Claude/Cursor can connect to GitLab MCP Server)
  3. Project Access Token created with mcp AND api scopes is accepted by GitLab MCP Server

Related to: Implement MCP client that uses Gitlab MCP server (!206445 - merged)

Edited by Igor Drozdov
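
The exact-match versus inclusion change listed in the description, as an added Ruby example that is not taken from the MR or from GitLab's code base: the method names, the sample tokens and the mcp_admin lookalike scope are constructed for illustration. It also reports which extra scopes an accepted token carries, because an inclusion check admits tokens that hold broader scopes alongside mcp.

```ruby
# Added illustration; all names below are hypothetical, not GitLab's code.
require 'set'

MCP_SCOPE = :mcp

# Normalize scopes (array of strings/symbols, or a space-delimited string)
# into a Set of symbols so membership is tested per scope, never by substring.
def normalize_scopes(scopes)
  list = scopes.is_a?(String) ? scopes.split : Array(scopes)
  list.map { |s| s.to_s.strip.downcase.to_sym }.to_set
end

# Before: the token must carry the required scope and nothing else.
def exact_match?(token_scopes, required)
  normalize_scopes(token_scopes) == Set[required]
end

# After: the required scope only has to be present among the token's scopes.
def includes_scope?(token_scopes, required)
  normalize_scopes(token_scopes).include?(required)
end

# Audit helper: scopes an accepted token holds beyond the required one.
def extra_scopes(token_scopes, required = MCP_SCOPE)
  (normalize_scopes(token_scopes) - [required]).to_a
end

# Constructed sample tokens (not real GitLab tokens).
SAMPLE_TOKENS = {
  'mcp only'            => %w[mcp],
  'DWS migration token' => %w[ai_workflows mcp],
  'PAT with mcp + api'  => %w[mcp api],
  'api only'            => %w[api],
  'lookalike scope'     => %w[mcp_admin],
  'no scopes'           => []
}.freeze

# Run both checks over every sample token and return the verdicts.
def compare(tokens = SAMPLE_TOKENS, required = MCP_SCOPE)
  tokens.to_h do |name, scopes|
    [name, { exact: exact_match?(scopes, required),
             include: includes_scope?(scopes, required),
             extra: extra_scopes(scopes, required) }]
  end
end

if __FILE__ == $PROGRAM_NAME
  compare.each { |name, r| puts format('%-20s %s', name, r) }
end
```

Calling include? directly on a raw scope string would do substring matching ("mcp_admin".include?("mcp") is true in Ruby), which is why the example splits and normalizes scopes before testing membership.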
