feat: implement multi-tenant support with dynamic tool registration

Implements comprehensive multi-tenant support to fix n8n API tools not being dynamically registered when instance context is provided via headers. Includes critical security and performance improvements identified during code review.

Changes:
- Add ENABLE_MULTI_TENANT configuration option for dynamic instance support
- Fix tool registration to check instance context in addition to env vars
- Implement session isolation strategies (instance-based and shared)
- Add validation for instance context creation from headers
- Enhance security logging with sanitized sensitive data
- Add locking mechanism to prevent race conditions in session switches
- Improve URL validation to handle edge cases (localhost, IPs, ports)
- Include configuration hash in session IDs to prevent collisions
- Add type-safe header extraction with MultiTenantHeaders interface
- Add comprehensive test scripts for multi-tenant scenarios

Fixes issue where "Method not found" errors occurred in multi-tenant deployments because n8n API tools weren't being registered dynamically based on instance context.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

src/mcp/server.ts

@@ -216,13 +216,30 @@ export class N8NDocumentationMCPServer {
     this.server.setRequestHandler(ListToolsRequestSchema, async (request) => {
       // Combine documentation tools with management tools if API is configured
       let tools = [...n8nDocumentationToolsFinal];
-      const isConfigured = isN8nApiConfigured();
-      
-      if (isConfigured) {
+
+      // Check if n8n API tools should be available
+      // 1. Environment variables (backward compatibility)
+      // 2. Instance context (multi-tenant support)
+      // 3. Multi-tenant mode enabled (always show tools, runtime checks will handle auth)
+      const hasEnvConfig = isN8nApiConfigured();
+      const hasInstanceConfig = !!(this.instanceContext?.n8nApiUrl && this.instanceContext?.n8nApiKey);
+      const isMultiTenantEnabled = process.env.ENABLE_MULTI_TENANT === 'true';
+
+      const shouldIncludeManagementTools = hasEnvConfig || hasInstanceConfig || isMultiTenantEnabled;
+
+      if (shouldIncludeManagementTools) {
         tools.push(...n8nManagementTools);
-        logger.debug(`Tool listing: ${tools.length} tools available (${n8nDocumentationToolsFinal.length} documentation + ${n8nManagementTools.length} management)`);
+        logger.debug(`Tool listing: ${tools.length} tools available (${n8nDocumentationToolsFinal.length} documentation + ${n8nManagementTools.length} management)`, {
+          hasEnvConfig,
+          hasInstanceConfig,
+          isMultiTenantEnabled
+        });
       } else {
-        logger.debug(`Tool listing: ${tools.length} tools available (documentation only)`);
+        logger.debug(`Tool listing: ${tools.length} tools available (documentation only)`, {
+          hasEnvConfig,
+          hasInstanceConfig,
+          isMultiTenantEnabled
+        });
       }
       
       // Check if client is n8n (from initialization)