`ResponseFilteringWriter` does not work with `text/event-stream`

[blkt]

Bug description

These lines assume that responses to HTTP POSTs are always valid JSONs, which is not the case for Streamable HTTP transport, which might return text/event-stream.

Note that this writer is used by the Authorization middleware, but when parsing fails it forwards the plain response body to the client without applying any filter, thus breaking the authorization process.

Steps to reproduce

I could only verify it using dlv and curl. See here for some example steps.

Expected behavior

It should have honored the response's Content-Type header, which is (fortunately) mandatory as per MCP spec.

Actual behavior

It returned the response as-is without processing.