Re-hash response caching keys to avoid persisting raw request input

[jlowin]

Motivation

• Response caching previously used plaintext tool names/arguments and resource URIs directly as cache keys, which allows client-controlled values to appear in backend keys and logs and can enable path traversal/oversize key issues for file-backed stores.
• The change restores fixed-length, safe cache keys (SHA-256) so identity is preserved without storing raw user input in the backing key-value implementation.

Description

• Added hashlib-backed _hash_cache_key and three key-builder helpers: _make_call_tool_cache_key, _make_read_resource_cache_key, and _make_get_prompt_cache_key, each producing a SHA-256 hex digest of the request-derived string.
• Updated ResponseCachingMiddleware to call the new helpers for tools/call, resources/read, and prompts/get instead of embedding raw names/arguments/URIs in keys.
• Added focused unit tests (tests/server/middleware/test_caching.py::TestCacheKeyGeneration) to assert keys are 64-char SHA-256 hex strings, do not contain raw secret/URI fragments, and are stable across repeated calls.
• PR authored by agent attribution: 🤖 Generated with GPT-5.2-Codex.

Testing

• Ran uv sync which succeeded.
• Ran the repository unit tests for the changed file (uv run pytest tests/server/middleware/test_caching.py) and the new unit tests passed (3 passed) and relevant integration checks for caching exercised passed (5 passed).
• Ran the full test suite (uv run pytest -n auto) which completed but reported a small number of unrelated failures/timeouts (integration/network-related test flakes and proxy/httpx ProxyError) that are external to the key-hashing change.
• Ran static hooks (uv run prek run --all-files) which failed to initialize hooks due to outbound GitHub access/proxy 403 (environment network constraint), not due to lint/type errors in this change.

---

Codex Task

[jlowin]

Auto-reviewed and merging on behalf of @jlowin — CI is green (Windows OAuth proxy timeouts are pre-existing flaky tests).