Updates the OAuth authorization server metadata discovery fallback behavior to attempt a fallback on any 4XX, rather than only 404s.

Motivation and Context

During auth server metadata discovery, the client SDK attempts to query the four supported metadata endpoints sequentially (#1061). However, it only falls back from one to another on 404 responses (source). This is stricter than the specification requires, and happens to break compatibility with Cognito, which returns a 400 at any endpoints it doesn't support (example).

Given that the spec doesn't limit fallback conditions to 404s, I think it should be changed to any 4XX. Arguably, it should fall back on 5XX responses as well, but I'm limiting this to 4XX responses to avoid the possibility of a load-sensitive 5XX being quadrupled in scale by fallback behaviors.

How Has This Been Tested?

Spot tested with Cognito, added a unit test.

Breaking Changes

None

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation update

Checklist

• I have read the MCP Documentation
• My code follows the repository's style guidelines
• New and existing tests pass locally
• I have added appropriate error handling
• I have added or updated documentation as needed

Additional context

Closes #1192