fix(a2a): forward passthrough headers on MCP tool invocation path

[kimsehwan96]

🔗 Related Issue

Closes #5004

---

📝 Summary

When an A2A agent is associated with a server, it's auto-registered as an MCP tool and invoked via POST /servers/{id}/mcp. That path built outbound headers as just {"Content-Type": "application/json"} and never applied the agent's configured passthrough_headers, so whitelisted inbound headers (e.g. x-user-id) were silently dropped. The REST path (POST /a2a/{name} → invoke_agent) already honors passthrough_headers, so the two invocation paths behaved inconsistently.

This forwards the agent's whitelisted passthrough_headers from the inbound request on the MCP-tool path too, before the pre-invoke plugin hook — mirroring the existing REST path. Downstream A2A servers that identify the user via headers (e.g. a kagent ADK agent reading x-user-id, otherwise falling back to a random A2A_USER_<contextId>) now receive them, restoring session/user attribution.

---

🏷️ Type of Change

• Bug fix
• Feature / Enhancement
• Documentation
• Refactor
• Chore (deps, CI, tooling)
• Other (describe below)

---

🧪 Verification

Check	Command	Status
Lint suite	make lint	pass
Unit tests	make test	pass
Coverage ≥ 80%	make coverage	pass

---

✅ Checklist

• Code formatted (make black isort pre-commit)
• Tests added/updated for changes
• Documentation updated (if applicable)
• No secrets or credentials committed

---

📓 Notes (optional)

• Added test asserts a whitelisted header (x-user-id) reaches the outbound call while a non-whitelisted one (x-secret) is dropped.
• The legacy _invoke_a2a_tool / _call_a2a_agent helpers have the same gap but are currently unreferenced (no live callers), so they're left untouched to keep the change minimal.