Description
Problem
The postgres-mcp-server currently only supports auto-discovering the secret_arn from the cluster's MasterUserSecret property. This only works when the Aurora/RDS cluster is configured with "Managed in AWS Secrets Manager" credentials management.
However, many production clusters use:
- Self-managed credentials with separate read-only secrets in Secrets Manager
- Different secrets for different access levels (admin vs read-only)
- Custom secret ARNs that aren't the cluster's MasterUserSecret
In these cases, the MCP server fails with run_query unexpected error because secret_arn is None when making RDS Data API calls.
Current Behavior
The server auto-discovers secret_arn from cluster properties (server.py:595):
    secret_arn = cluster_properties.get('MasterUserSecret', {}).get('SecretArn')
If MasterUserSecret doesn't exist (self-managed credentials), secret_arn is None and all queries fail.
Proposed Solution
Add a --secret_arn CLI parameter to allow users to specify a custom Secrets Manager ARN:
    uvx awslabs.postgres-mcp-server@latest \
      --connection_method RDS_API \
      --db_type APG \
      --db_cluster_arn arn:aws:rds:us-east-2:123456789:cluster:my-cluster \
      --secret_arn arn:aws:secretsmanager:us-east-2:123456789:secret:my-readonly-secret \
      --database prod \
      --region us-east-2
Additional Bug
There's also a bug where the CLI defines --db_endpoint but server.py:726 references args.hostname, causing:
    AttributeError: 'Namespace' object has no attribute 'hostname'
Environment
- Package version: 1.0.16
- Connection method: RDS_API
- Cluster type: Aurora PostgreSQL with self-managed credentials
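One way the proposed behaviour could look, as an added sketch that is not code from the issue or from the postgres-mcp-server project: an explicit `--secret_arn` takes precedence, auto-discovery from `MasterUserSecret` is the fallback, and a missing secret fails early with a clear message instead of passing `None` to the RDS Data API. The names `build_parser`, `resolve_secret_arn` and `SecretArnError` are hypothetical, and the ARN pattern is an assumption about what to accept.

```python
import argparse
import re
from typing import Optional

# Assumed shape: arn:<partition>:secretsmanager:<region>:<account>:secret:<name>
_SECRET_ARN_RE = re.compile(
    r'^arn:aws[a-z-]*:secretsmanager:[a-z0-9-]+:\d+:secret:[A-Za-z0-9/_+=.@!-]+$'
)


class SecretArnError(ValueError):
    """Raised when no usable Secrets Manager ARN can be determined."""


def build_parser() -> argparse.ArgumentParser:
    """Hypothetical subset of the CLI: only the options discussed in the issue."""
    parser = argparse.ArgumentParser()
    parser.add_argument('--db_cluster_arn')
    # argparse stores this as args.db_endpoint; there is no args.hostname
    parser.add_argument('--db_endpoint')
    parser.add_argument('--secret_arn', default=None,
                        help='Secrets Manager ARN to use instead of MasterUserSecret')
    return parser


def resolve_secret_arn(cluster_properties: dict, cli_secret_arn: Optional[str]) -> str:
    """Pick the secret for Data API calls: explicit ARN first, then auto-discovery."""
    if cli_secret_arn:
        # Reject anything that is not a Secrets Manager ARN (e.g. a cluster ARN pasted by mistake)
        if not _SECRET_ARN_RE.match(cli_secret_arn):
            raise SecretArnError(f'--secret_arn is not a Secrets Manager ARN: {cli_secret_arn!r}')
        return cli_secret_arn
    # MasterUserSecret is absent (or None) on clusters with self-managed credentials
    discovered = (cluster_properties.get('MasterUserSecret') or {}).get('SecretArn')
    if not discovered:
        raise SecretArnError(
            'cluster has no MasterUserSecret (self-managed credentials); pass --secret_arn'
        )
    return discovered
```

Giving the explicit ARN precedence lets a deployment point the server at a read-only secret even when the cluster also has a managed master secret.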