[Remote] [BUG] double WWW-Authenticate response header

### Describe the bug

Auth challenge for hitting `/` gives two `WWW-Authenticate` response headers. This is not functionally breaking, but it's possible for clients to misbehave with a plurality of this response header.

This is only affecting the `feature/2.0beta-remote` branch. Remote MCP server code is not in the `main` branch yet.

### Expected behavior

Should only return a single challenge header

### Actual behavior

```
WWW-Authenticate: Bearer realm="localhost:1031", resource_metadata="http://localhost:1031/.well-known/oauth-protected-resource"
WWW-Authenticate: Bearer
```

### Reproduction Steps

```
curl -v -X POST http://localhost:1031/   -H "Content-Type: application/json"   -H "Accept: application/json, text/event-stream"   -d '{    "jsonr
pc": "2.0",    "id": "test123",    "method": "tools/list",    "params": {}  }'
```

### Environment

All environments

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Remote] [BUG] double WWW-Authenticate response header #949

Describe the bug

Expected behavior

Actual behavior

Reproduction Steps

Environment

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Remote] [BUG] double WWW-Authenticate response header #949

Description

Describe the bug

Expected behavior

Actual behavior

Reproduction Steps

Environment

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions