Grant type is hardcoded authorization_code for DCR #222

@wcarson

Describe the bug
In OAuthClientRegistrar, the declared grant types for client registration are hardcoded to authorization_code, with no option to add additional grant types such as refresh_token. For authorization servers that require the refresh_token grant type to be declared during client registration, this effectively prevents clients from using refresh tokens with some authorization servers.

Both the Python and TypeScript MCP SDKs provide OAuthClientProvider/OAuthClientMetadata constructs to allow specifying grant types as well as other client metadata.

To Reproduce
Steps to reproduce the behavior:

  1. DCR with an MCP server/authz server that requires refresh_token declaration
  2. Request offline_access scope during authorization
  3. (may or may not get a refresh token depending on the authz server)
  4. Try to exchange the refresh token for a new access token
  5. Request will be rejected

Expected behavior
Provide a mechanism to specify grant types to be declared at client registration time.

Logs
n/a

Additional context
As mentioned above, but to reiterate, other official MCP SDKs (e.g. TypeScript, Python, etc.) do support specifying grant types through configuration.
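
The mismatch reported above, as an added example that is not part of the original issue and is not code from any MCP SDK: it builds RFC 7591 registration metadata with configurable grant types and models a strict authorization server that only honours declared grants. The function names and the sample redirect URI are hypothetical; the metadata field names and the `unauthorized_client` error code come from RFC 7591 and RFC 6749.

```python
import json

# Field names follow RFC 7591 (OAuth 2.0 Dynamic Client Registration).
# Function names and the sample redirect URI are hypothetical, constructed here.

def build_registration_request(redirect_uris, grant_types=("authorization_code",)):
    """Build DCR client metadata with caller-supplied grant types."""
    grant_types = list(dict.fromkeys(grant_types))  # de-duplicate, keep order
    if "authorization_code" not in grant_types:
        raise ValueError("response_types ['code'] requires the authorization_code grant")
    return {
        "redirect_uris": list(redirect_uris),
        "response_types": ["code"],
        "grant_types": grant_types,
    }

def token_endpoint_decision(registered, grant_type):
    """Model of a strict authorization server: only registered grants are honoured.
    RFC 7591: an omitted grant_types defaults to ["authorization_code"]."""
    allowed = registered.get("grant_types", ["authorization_code"])
    if grant_type in allowed:
        return {"ok": True}
    # RFC 6749 section 5.2 error code for a grant the client may not use
    return {"ok": False, "error": "unauthorized_client"}

def audit_refresh_support(registered, requested_scopes):
    """Flag the configuration in this issue: offline_access is requested,
    but refresh_token was never declared at registration."""
    declared = "refresh_token" in registered.get("grant_types", ["authorization_code"])
    return "offline_access" in requested_scopes and not declared

if __name__ == "__main__":
    uri = ["http://localhost:8080/callback"]  # constructed sample value
    hardcoded = build_registration_request(uri)
    configured = build_registration_request(
        uri, grant_types=("authorization_code", "refresh_token"))
    for name, meta in (("hardcoded", hardcoded), ("configured", configured)):
        print(name, json.dumps(meta["grant_types"]),
              token_endpoint_decision(meta, "refresh_token"),
              "mismatch" if audit_refresh_support(meta, {"offline_access"}) else "consistent")
```
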

Labels: bug