[VAP-11408] Add OAuth-on-first-use to public MCP server (client)

[vapi-tasker]

Describe your changes

This PR makes VAPI_TOKEN optional in the public MCP server and implements OAuth-on-first-use for frictionless setup.

Key Changes:

• Make VAPI_TOKEN optional in server startup
• Add OAuth flow handler that triggers on first tool call
• Store credentials in ~/.vapi/mcp-config.json
• Update all tool handlers to use lazy client initialization
• Bump version to 0.2.0

User Experience Flow:

1. User pastes MCP config (NO API KEY needed)
2. User restarts Claude Desktop
3. User asks: "Build me a Vapi voice agent"
4. OAuth URL appears in error message
5. User clicks URL → completes OAuth in browser
6. Account auto-created (via backend PR)
7. Credentials saved locally
8. Original request retried → works!

Relevant Context (linear ticket, slack link, etc)

• Linear: VAP-11408
• Slack: https://vapi-ai.slack.com/archives/D0A998HRFTP/p1769188543729609
• Backend PR: https://github.com/VapiAI/vapi/pull/9668

How did you test this?

Testing Strategy:

1. Code Review: Validated OAuth flow logic and lazy client initialization
2. Type Safety: Ensured TypeScript compilation succeeds
3. Integration Testing: Pending - requires backend deployment

Manual Testing Plan (to be completed after backend deployment):

• Install MCP server without VAPI_TOKEN
• Trigger tool call → verify OAuth URL appears
• Complete OAuth flow
• Verify credentials saved to ~/.vapi/mcp-config.json
• Retry tool call → verify it succeeds
• Restart Claude Desktop → verify credentials persist

Configuration Example:

{
  "mcpServers": {
    "vapi-mcp-server": {
      "command": "npx",
      "args": ["-y", "@vapi-ai/mcp-server"]
      // NO VAPI_TOKEN NEEDED!
    }
  }
}

Note: This PR is Part 2 of 2. Part 1 (backend OAuth infrastructure) is in VapiAI/vapi repository.