fix: Improve AutoGen Studio: deprecate FunctionTool, harden MCP WebSocket endpoint

[victordibia]

Why are these changes needed?

Two improvements to AutoGen Studio's security posture and developer experience:

1. Deprecate FunctionTool in the UI: FunctionTool uses exec() to run user-supplied Python code at config load time. The UI now shows a deprecation warning for existing FunctionTool configs and directs users to MCP Workbenches instead. The FunctionTool template has been removed from the component gallery. Validation no longer instantiates FunctionTool configs (skips load_component() to avoid exec()).

2. Harden MCP WebSocket endpoint: Previously, MCP server params were passed as base64-encoded query string parameters on the WebSocket URL. Now, server params are stored server-side via the POST /ws/connect endpoint and looked up by session_id when the WebSocket connects. Sessions are one-time use (pop on connect).

Changes

• validation_service.py — Skip load_component() for FunctionTool
• mcp.py — Server-side pending_session_params storage; WebSocket handler looks up params by session_id
• component-templates.ts — Remove FunctionTool template
• agent-fields.tsx — Remove handleAddTool
• tool-fields.tsx — Show deprecation warning instead of code editor
• workbench-fields.tsx — Remove "Add Tool" buttons

Related issue number

N/A — internal security hardening

Checks

• I've included any doc changes needed for https://microsoft.github.io/autogen/. See https://github.com/microsoft/autogen/blob/main/CONTRIBUTING.md to build and test documentation locally.
• I've added tests (if relevant) corresponding to the changes introduced in this PR.
• I've made sure all auto checks have passed.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 81.21%. Comparing base (13e144e) to head (b275023).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7362      +/-   ##
==========================================
- Coverage   81.22%   81.21%   -0.01%     
==========================================
  Files         244      244              
  Lines       18512    18514       +2     
==========================================
+ Hits        15036    15037       +1     
- Misses       3476     3477       +1     

Flag	Coverage Δ
unittests	81.21% <100.00%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.