fix: reject initialize protocol version mismatch

[he-yufeng]

Fixes #963.

This rejects an initial Streamable HTTP initialize request when the Mcp-Protocol-Version header is present and disagrees with the JSON-RPC protocolVersion in the body. The response uses the same header mismatch error path as the newer MCP header checks.

To verify:

• go test ./mcp -run TestStreamableServerTransport -count=1
• go test ./mcp -count=1
• go test ./... -count=1

[he-yufeng]

Updated this branch and rebased it onto current origin/main.

The failing test (1.26) / race-test jobs were caused by the existing test helper for SEP-2243 headers: it injected a fixed Mcp-Protocol-Version: 2025-11-25 on initialize, while those tests now connect with the newer minVersionForStandardHeaders protocol. With this PR's mismatch check, that became a real bad-request path.

Changes in the update:

• initialize requests with a new-protocol header now use the initialize body's protocolVersion for the header/meta validation path.
• the test helper now keeps the initialize protocol header aligned with the body and sets Mcp-Method: initialize for the new-protocol header tests.

Validated locally:

go test ./mcp
go test -race ./mcp
go test ./...
git diff --check