[Client] Add OAuth 2.0 credential storage interface (TokenStorageInterface)

[soyuka]

Context

Foundation for every OAuth flow on the client side. Without a storage abstraction we cannot persist access tokens, refresh tokens, registered client credentials, or PKCE verifiers across requests/sessions.

Scope

• Define Mcp\Client\Auth\TokenStorageInterface with operations: getToken(string $resourceUrl): ?TokenSet, storeToken(string $resourceUrl, TokenSet $token): void, clearToken(string $resourceUrl): void, plus equivalents for registered client metadata.
• Value object TokenSet (access_token, refresh_token, expires_at, scope, token_type).
• Default implementations:
  • InMemoryTokenStorage (ephemeral, per-process).
  • Psr16TokenStorage adapter for PSR-16 CacheInterface.
• Wire into Client\Builder::setTokenStorage(...) (optional; defaults to in-memory).

Conformance scenarios unblocked

Prerequisite for all auth/* baseline scenarios.

Dependencies

None — must land first.

Acceptance

• Interface + value object + 2 storage adapters in src/Client/Auth/.
• Unit tests for both adapters.
• Builder method documented.

cc @soyuka