Fix JRuby concurrency races in browser OAuth and auth storage

[patvice]

Summary

This PR fixes JRuby concurrency races reported in CI for BrowserOAuthProvider, and adds a broader JRuby hardening pass for auth storage.

Issues Addressed

1. Browser OAuth logger race under JRuby
   • CI failures showed ConcurrencyError from logger doubles being touched from callback and main auth threads.
2. Shared in-memory auth storage without synchronization
   • MemoryStorage used shared Hashes without a mutex, which is risky under JRuby concurrent access.

Changes

1) Browser OAuth callback-thread log isolation

• BrowserOAuthProvider now isolates callback-worker logging from the caller logger:
  • Keeps user-facing flow logs on the main auth thread.
  • Uses a NullLogger for callback-thread internals (HttpServer, CallbackHandler, and callback worker error path).
• Retains synchronized main-thread logger calls via SynchronizedLogger.

2) Thread-safe MemoryStorage

• Added an internal mutex and synchronized all read/write/delete operations for:
  • tokens
  • client infos
  • server metadata
  • PKCE state
  • OAuth state
  • resource metadata

3) Concurrency regression coverage

• Added a MemoryStorage spec that performs concurrent reads/writes and asserts no raised errors.

Validation

RuboCop

• bundle exec rake rubocop ✅

MRI

• bundle exec rake spec ✅ (1843 examples, 0 failures)

JRuby (Java 21)

• RBENV_VERSION=jruby-10.0.2.0 bundle exec rake spec ✅ (1843 examples, 0 failures)
• Stress run for the previously failing BrowserOAuth examples:
  • spec/ruby_llm/mcp/auth/browser_oauth_provider_spec.rb:876
  • spec/ruby_llm/mcp/auth/browser_oauth_provider_spec.rb:974
  • looped 30x, all pass ✅

Notes

• During local verification, running MRI and JRuby suites in parallel can cause false failures due fixture port contention (e.g. EADDRINUSE on fixed test ports). Final validation above was run sequentially.