Add support to publish servers as MCP Bundles #1681

Merged
vcolin7 merged 51 commits into main from vcolin7/test-mcpb-signing
Feb 20, 2026
@vcolin7 vcolin7 commented Feb 9, 2026

What does this PR do?

This PR implements end-to-end MCPB (MCP Bundle) packaging and signing infrastructure using Microsoft's ESRP (Enterprise Signing and Release Pipeline) service. MCPB is a standardized bundle format for distributing MCP servers, similar to Chrome extensions (.crx) or VS Code extensions (.vsix).

Documentation

PowerShell Scripts

  • Added:
    • Pack-Mcpb.ps1 - Packages trimmed and self-contained server binaries into MCPB format
    • Stage-McpbForSigning.ps1 - Prepares MCPB files for ESRP signing
    • Apply-McpbSignatures.ps1 - Applies ESRP detached signatures to MCPB files
    • Verify-McpbSignatures.ps1 - Validates MCPB signatures
    • Update-ServerJsonMcpbHashes.ps1 - Updates server.json with MCPB hashes
  • Updated:
    • New-ServerJson.ps1 - Added entries for MCPB files

Pipeline Templates

  • Added:
    • pack-and-sign-mcpb.yml - Main packaging and signing job
    • release-mcpb.yml - Release MCPB files to GitHub releases
  • Updated:
    • common.yml
    • release.yml
    • sign-and-pack.yml
    • update-mcp-repository.yml
    • Each server's build.yml
    • 1es-redirect - Fixed issue with Go package downloads. Module downloads now go through Microsoft's internal proxy server instead of going directly to the public internet (proxy.golang.org).

Server Manifests

  • Added a manifest.json for all servers. These files serve as a base that gets updated during release to include the most recent server metadata (version, tools, etc.).
  • Updated server.json for Azure and Template servers to list MCP Bundles in the official MCP registry.

Testing

  • MCPB packaging produces valid bundles for all servers
  • ESRP signing workflow completes successfully
  • mcpb verify validates signed bundles
  • GitHub release includes signed MCPB files (link to successful release run)
  • Official MCP Registry shows MCPB entries for Template MCP Server
  • Signed MCPB files run successfully on an app that supports them, like Claude Desktop

GitHub issue number?

Fixes: #128

Pre-merge Checklist

  • Required for All PRs
    • Read contribution guidelines
    • PR title clearly describes the change
    • Commit history is clean with descriptive messages (cleanup guide)
    • Added comprehensive tests for new/modified functionality
    • Updated servers/Azure.Mcp.Server/CHANGELOG.md and/or servers/Fabric.Mcp.Server/CHANGELOG.md for product changes (features, bug fixes, UI/UX, updated dependencies)
  • For MCP tool changes:
    • One tool per PR: This PR adds or modifies only one MCP tool for faster review cycles
    • Updated servers/Azure.Mcp.Server/README.md and/or servers/Fabric.Mcp.Server/README.md documentation
    • Validate README.md changes using script at eng/scripts/Process-PackageReadMe.ps1. See Package README
    • Updated command list in /servers/Azure.Mcp.Server/docs/azmcp-commands.md and/or /docs/fabric-commands.md
    • Run .\eng\scripts\Update-AzCommandsMetadata.ps1 to update tool metadata in azmcp-commands.md (required for CI)
    • For new or modified tool descriptions, ran ToolDescriptionEvaluator and obtained a score of 0.4 or more and a top 3 ranking for all related test prompts
    • For tools with new names, including new tools or renamed tools, update consolidated-tools.json
    • For new tools associated with Azure services or publicly available tools/APIs/products, add URL to documentation in the PR description
  • Extra steps for Azure MCP Server tool changes:
    • Updated test prompts in /servers/Azure.Mcp.Server/docs/e2eTestPrompts.md
    • 👉 For Community (non-Microsoft team member) PRs:
      • Security review: Reviewed code for security vulnerabilities, malicious code, or suspicious activities before running tests (crypto mining, spam, data exfiltration, etc.)
      • Manual tests run: added comment /azp run mcp - pullrequest - live to run Live Test Pipeline

vcolin7 and others added 30 commits January 30, 2026 17:04
@vcolin7 vcolin7 merged commit a1a6747 into main Feb 20, 2026
15 checks passed
@vcolin7 vcolin7 deleted the vcolin7/test-mcpb-signing branch February 20, 2026 21:07
@github-project-automation github-project-automation bot moved this from Untriaged to Done in Azure MCP Server Feb 20, 2026
Development

Successfully merging this pull request may close these issues.

TSG/Docs: How to change account or tenant?