fix: apply hardened http client default to MCP SSE transport

[ioleksiuk]

Summary

Mirror the redirect-hardening pattern from #3451 to the SSE transport.

MCPServerStreamableHttp.create_streams (server.py:1444-1446) always applies _create_default_streamable_http_client, which sets follow_redirects=False. MCPServerSse.create_streams (server.py:1300-1301) only forwarded the factory when the user supplied one, so the default path fell through to MCP SDK's create_mcp_http_client, which has follow_redirects=True.

This PR aligns the two transports so the default SSE client picks up the same hardening as StreamableHTTP.

Test plan

• Updated tests/mcp/test_mcp_auth_params.py::test_sse_default_no_auth_no_factory and test_sse_with_auth to assert the default factory is now always forwarded.
• Existing SSE tests with user-provided factory (test_sse_with_httpx_client_factory, test_sse_with_auth_and_factory) continue to pass unchanged.
• uv run pytest tests/mcp/ — 209 passed.
• uv run ruff check / ruff format --check — clean.

[seratch]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Nice work!

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".