Part of #17649

---

# Allow MCP server to run without authentication

This PR enhances the MCP server to operate without requiring authentication, making it more flexible for environments where authentication isn't available or necessary. Key changes:

- Replaced `InitClient` with `TryInitClient` to allow the MCP server to start without credentials
- Added graceful handling when URL or authentication is missing
- Made authentication status visible in server logs
- Added logic to skip user-dependent tools when no authenticated user is present
- Made the `coder_report_task` tool available with just an agent token (no user token required)
- Added comprehensive tests to verify operation without authentication

These changes allow the MCP server to function in more environments while still using authentication when available, improving flexibility for CI/CD and other automated environments.

Fix #17704

During the [refactoring of WorkspaceApp response
type](https://github.com/coder/coder/pull/17700/files#diff-a7e67944708c3c914a24a02d515a89ecd414bfe61890468dac08abde55ba8e96R112),
I updated the logic to check if the session token should be injected
causing external apps to not load correctly.

To also avoid future confusions, we are only going to rely on the
`app.external` prop to open apps externally instead of verifying if the
URL does not use the HTTP protocol. I did some research and I didn't
find out a use case where it would be a problem.

I'm going to refactor this code very soon to allow opening apps from the
workspaces page, so I will write the tests to cover this use case there.

**Not included:**
During my next refactoring I'm also going to change the code to support
token injections directly in the HREF instead of making it happen during
the click event.

See
bc609d0

We have `code.svg` but not `code-insiders.svg`