fix: MFA http contract parity fixes

[tusharpandey13]

Align MFA route handlers with Auth0 HTTP API contract.
Route handlers become transparent proxies: accept snake_case requests, return snake_case responses.
Camelization moves to SDK client boundary (ClientMfaClient, ServerMfaClient).

Changes

Wire Format

• Token extraction: Authorization: Bearer header only (query param removed)
• Camelization logic moved from business layer -> mfa client. This enables Auth0-like HTTP calls to and from the SDK's MFA proxy layer.
• Renamed /auth/mfa/enroll → /auth/mfa/associate (matches Auth0)

factorType: Added support for factorType instead of raw authenticatorTypes/oobChannels

Tests

888 pass, 0 fail (50 files)

[codecov-commenter]

Codecov Report

❌ Patch coverage is 81.50289% with 32 lines in your changes missing coverage. Please review.
✅ Project coverage is 90.02%. Comparing base (b03e748) to head (0823b10).

Files with missing lines	Patch %	Lines
src/utils/mfa-transform-utils.ts	74.50%	13 Missing ⚠️
src/server/mfa/server-mfa-client.ts	0.00%	8 Missing ⚠️
src/utils/mfa-validation-utils.ts	33.33%	3 Missing and 5 partials ⚠️
src/server/auth-client.ts	92.50%	3 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2555      +/-   ##
==========================================
- Coverage   90.08%   90.02%   -0.06%     
==========================================
  Files          63       63              
  Lines        7612     7687      +75     
  Branches     1613     1632      +19     
==========================================
+ Hits         6857     6920      +63     
- Misses        743      755      +12     
  Partials       12       12              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[gyaneshgouraw-okta]

@tusharpandey13 in the PR description we should highlight breaking changes for customers under a breaking change section.
That would help community members visiting this PR.

[gyaneshgouraw-okta]

@tusharpandey13 since /auth/mfa/enroll is updated to /auth/mfa/associate should this url.includes("/enroll") needs to be updated with url.includes("/associate")

Is the route update applicable here also ?