docs: add Tool Authorization and Access Control section for MCP server

[Matovidlo]

Jira issue(s): N/A (documentation for mcp-server PR #350)

Link to Devin run: https://app.devin.ai/sessions/4ccc6d6f64aa49a6823bf2e09c8a5091
Requested by: Martin Vasko (@Matovidlo)

Changes:

• Add new "Tool Authorization and Access Control" section to MCP integration documentation
• Document three HTTP headers for granular tool access control: X-Allowed-Tools, X-Disallowed-Tools, X-Read-Only-Mode
• Explain filter behavior when multiple headers are combined
• List all 15 read-only tools categorized by function
• Provide use case examples for AI agent restrictions and compliance scenarios

Updates since last revision:

• Added hyperlink from "Keboola MCP Server" to the MCP Server documentation page
• Changed Cursor-specific documentation reference to be client-agnostic ("your MCP client's documentation")

---

This documentation corresponds to the new ToolAuthorizationMiddleware feature being added in keboola/mcp-server#350.

Human Review Checklist

• Verify the read-only tools list matches the READ_ONLY_TOOLS frozenset in mcp-server PR add length to example #350
• Confirm the filter behavior description (allowed → read-only intersection → disallowed exclusion) matches the implementation
• Check that use case examples are clear and helpful for users
• Verify the hyperlink /ai/mcp-server/ resolves correctly in the deployed documentation

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[Copilot]

Pull request overview

This PR adds comprehensive documentation for the new Tool Authorization and Access Control feature in the Keboola MCP Server, enabling granular control over which tools are available to clients via HTTP headers.

Changes:

• Added "Tool Authorization and Access Control" section documenting three HTTP headers (X-Allowed-Tools, X-Disallowed-Tools, X-Read-Only-Mode) for controlling tool access
• Documented filter application order and behavior when multiple headers are combined
• Listed all 15 read-only tools categorized by function (Components, Flows, Storage, SQL, Data Apps, Jobs, Search, Project, Documentation)
• Provided practical use case examples for AI agent restrictions, compliance scenarios, and combined restrictions
• Fixed minor formatting issue at end of file (removed extra pipe character)

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.