Document recommended pattern for role/identity propagation in MCP tool execution

[Copilot]

Fixes #1452

The SDK has built-in ClaimsPrincipal propagation via JsonRpcMessage.Context.User and automatic parameter injection into tool/prompt/resource handlers, but this wasn't documented anywhere.

Adds docs/concepts/identity/identity.md covering:

• Direct ClaimsPrincipal parameter injection — the recommended, transport-agnostic pattern already demonstrated by ClaimsPrincipalTools in tests
• Identity flow diagram — HTTP auth middleware → transport → filters → handler
• Filter-level access via context.User
• Declarative authorization with [Authorize]/[AllowAnonymous] + AddAuthorizationFilters()
• Transport comparison — Streamable HTTP vs SSE vs stdio, with a stdio message filter pattern for setting identity from process context
• IHttpContextAccessor positioned as HTTP-only alternative with cross-ref to existing httpcontext doc

[McpServerToolType]
public class UserAwareTools
{
    [McpServerTool, Description("Returns a personalized greeting.")]
    public string Greet(ClaimsPrincipal? user, string message)
    {
        var userName = user?.Identity?.Name ?? "anonymous";
        return $"{userName}: {message}";
    }
}

Updates toc.yml and index.md to wire up navigation.

[jeffhandley]

Here's a set of tests generated from these docs that validated all of the captured behavior: 082c3b5