fix: reject initialize protocol version conflicts

[he-yufeng]

Summary

• reject initialize requests when the mcp-protocol-version header conflicts with initialize.params.protocolVersion
• keep initialize requests without the protocol-version header on the existing compatibility path
• move existing initialize session-id validation behind a small helper to keep the POST handler readable

Fixes #2618

To verify

• .\.venv\Scripts\python.exe -m pytest tests\shared\test_streamable_http.py -q -k "protocol_version"
• .\.venv\Scripts\python.exe -m ruff check src\mcp\server\streamable_http.py tests\shared\test_streamable_http.py
• .\.venv\Scripts\python.exe -m ruff format --check src\mcp\server\streamable_http.py tests\shared\test_streamable_http.py
• .\.venv\Scripts\pyright.exe src\mcp\server\streamable_http.py tests\shared\test_streamable_http.py
• git diff --check upstream/main..HEAD

[he-yufeng]

Pushed a test-only follow-up for the coverage gate. The HTTP mismatch path was already covered through the live server test, but that path runs out of process, so I added an in-process regression test for the 400 response branch.

Verified locally:

• .\.venv\Scripts\python.exe -m pytest tests\shared\test_streamable_http.py -q -k "protocol_version_mismatch"
• .\.venv\Scripts\python.exe -m ruff check src\mcp\server\streamable_http.py tests\shared\test_streamable_http.py
• .\.venv\Scripts\python.exe -m ruff format --check src\mcp\server\streamable_http.py tests\shared\test_streamable_http.py
• .\.venv\Scripts\pyright.exe src\mcp\server\streamable_http.py tests\shared\test_streamable_http.py
• git diff --check upstream/main..HEAD