`ResponseFilteringWriter` does not work with `text/event-stream`

[blkt]

Bug description

These lines assume that responses to HTTP POSTs are always valid JSONs, which is not the case for Streamable HTTP transport, which might return text/event-stream.

Note that this writer is used by the Authorization middleware, but when parsing fails it forwards the plain response body to the client without applying any filter, thus breaking the authorization process.

Steps to reproduce

I could only verify it using dlv and curl. See here for some example steps.

Expected behavior

It should have honored the response's Content-Type header, which is (fortunately) mandatory as per MCP spec.

Actual behavior

It returned the response as-is without processing.

[blkt]

Here are some details for future reference.

The following snippet shows that the value of rawResponse is not plain JSON, but rather a text/event-stream payload.

(dlv)
> github.com/stacklok/toolhive/pkg/authz.(*ResponseFilteringWriter).Flush() ./pkg/authz/response_filter.go:67 (PC: 0x104e7b358)
    62:		}
    63:
    64:		rawResponse := rfw.buffer.Bytes()
    65:
    66:		// Skip filtering for empty responses (common in SSE scenarios where actual data comes via SSE stream)
=>  67:		if len(rawResponse) == 0 {
    68:			rfw.ResponseWriter.WriteHeader(rfw.statusCode)
    69:			_, err := rfw.ResponseWriter.Write(rawResponse)
    70:			return err
    71:		}
    72:
(dlv) p string(rawResponse)
"event: message\nid: ZXUQ4S54IPJBXYONJDNKDDCU7I_0\ndata: {\"jsonrpc\":\"2.0\",\"id\":2,\"result\":{\"tools\":[{\"description\":\"Fetches a URL from the internet and optionally extracts its contents as markdown.\",\"inputSchema\":{\"type\":\"object\",\"required\":[\"url\"],\"properties\":{\"max_length\":{\"type\":[\"null\",\"integer\"]},\"raw\":{\"type\":\"boolean\"},\"start_index\":{\"type\":[\"null\",\"integer\"]},\"url\":{\"type\":\"string\"}},\"additionalProperties\":false},\"name\":\"fetch\"}]}}\n\n"

This is where it fails and the error it throws

(dlv)
> github.com/stacklok/toolhive/pkg/authz.(*ResponseFilteringWriter).Flush() ./pkg/authz/response_filter.go:77 (PC: 0x104e7b488)
    72:
    73:		// Parse the JSON-RPC response
    74:		var response jsonrpc2.Response
    75:		if err := json.Unmarshal(rawResponse, &response); err != nil {
    76:			// If we can't parse it, just pass it through
=>  77:			rfw.ResponseWriter.WriteHeader(rfw.statusCode)
    78:			_, err := rfw.ResponseWriter.Write(rawResponse)
    79:			return err
    80:		}
    81:
    82:		// Filter the response based on authorization
(dlv) p err
error(*encoding/json.SyntaxError) *{
	msg: "invalid character 'e' looking for beginning of value",
	Offset: 1,}

Note that line 78 writes the raw body back to the client as received from the MCP server without performing any additional action.