docs: note AnyUrl pre-normalisation in get_resource docstring

Pydantic's AnyUrl resolves %2E%2E and traversal during validation, so
str(AnyUrl("file:///a/%2E%2E/b")) yields "file:///b". The JSON-RPC
protocol layer uses raw str and is unaffected, but internal callers
wrapping in AnyUrl get silently different security semantics.

The normalisation is mostly protective (resolved paths won't match
templates with fixed prefixes), so this documents the inconsistency
rather than narrowing the signature.

Author: maxisbey

src/mcp/server/mcpserver/resources/resource_manager.py

@@ -83,7 +83,17 @@ def add_template(
         return template
 
     async def get_resource(self, uri: AnyUrl | str, context: Context[LifespanContextT, RequestT]) -> Resource:
-        """Get resource by URI, checking concrete resources first, then templates."""
+        """Get resource by URI, checking concrete resources first, then templates.
+
+        Note:
+            Pydantic's ``AnyUrl`` normalises percent-encoding and
+            resolves ``..`` segments during validation, so a value
+            constructed as ``AnyUrl("file:///a/%2E%2E/b")`` arrives
+            here as ``file:///b``. The JSON-RPC protocol layer passes
+            raw ``str`` values and is unaffected, but internal callers
+            wrapping URIs in ``AnyUrl`` should be aware that security
+            checks see the already-normalised form.
+        """
         uri_str = str(uri)
         logger.debug("Getting resource", extra={"uri": uri_str})