mcp: query param APIKey

[mathetake]

Description
This adds support for API Key upstream auth as a HTTP query parameter for MCP servers. There are several public MCP server that employ this pattern, thus this unlocks several patterns.

To adds support for that, this remove the use of CredentialsInjector for inserting API Keys as it doesn't support the query parameter as a location.

Related Issues/PRs (if applicable)
Closes #1731

[codecov-commenter]

Codecov Report

❌ Patch coverage is 90.32258% with 6 lines in your changes missing coverage. Please review.
✅ Project coverage is 83.55%. Comparing base (4347d17) to head (0c84721).

Files with missing lines	Patch %	Lines
internal/controller/mcp_route.go	89.83%	4 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1800      +/-   ##
==========================================
+ Coverage   83.48%   83.55%   +0.06%     
==========================================
  Files         124      124              
  Lines       16438    16427      -11     
==========================================
+ Hits        13723    13725       +2     
+ Misses       1814     1805       -9     
+ Partials      901      897       -4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[mtparet]

Did we removed support for /path on mcp backend ? @mathetake @nacx

https://github.com/envoyproxy/ai-gateway/pull/1800/changes#diff-2e576c5279d63e220a680a1643f6cef655d451271714eed9405d4f0203d4704aL498