… deployments (#641)

* fix: restore StatelessSessionIdManager as default to fix multi-instance deployments

Fixes #636

In commit da6f722, the default session ID manager was changed from
StatelessSessionIdManager to InsecureStatefulSessionIdManager, which broke
multi-instance deployments without sticky sessions by causing Invalid
session ID errors when requests were routed to different server instances.

This change restores the previous default behavior:
- Default session manager is now StatelessSessionIdManager (no session validation)
- Multi-instance deployments work without requiring sticky sessions
- Added WithStateful() option for explicit stateful session management
- Updated all nil fallbacks to use stateless manager
- Updated tests to verify new default behavior
- Updated documentation to reflect the change

Backward compatibility is maintained while fixing the production deployment issue.

* fix: create StatelessGeneratingSessionIdManager to fix multi-instance deployments

Fixes #636

The original fix was too aggressive - changing to completely stateless
broke existing functionality that expects session IDs to be generated.

New approach:
- Created StatelessGeneratingSessionIdManager that generates session IDs
  but only validates format (not existence locally)
- This fixes multi-instance deployments while maintaining compatibility
- Updated tests to reflect new behavior
- Session termination now requires explicit stateful mode

This solves the production issue where requests routed to different
instances failed with 'Invalid session ID' errors while preserving
the expected session ID generation behavior.

* fix: update NewDefaultSessionIdManagerResolver fallback to StatelessSessionIdManager

As requested, updated NewDefaultSessionIdManagerResolver to fall back to
StatelessSessionIdManager instead of StatelessGeneratingSessionIdManager
when manager is nil.

This change affects:
- NewDefaultSessionIdManagerResolver(nil) fallback
- WithSessionIdManager(nil) fallback
- WithSessionIdManagerResolver(nil) fallback

Updated corresponding tests to expect stateless behavior:
- Generate() returns empty string ("")
- Validate() accepts any session ID without error

The server default still uses StatelessGeneratingSessionIdManager for
backward compatibility, but nil fallbacks now use truly stateless behavior.

* fix: update tests to use WithStateful(true) for stateful behavior

As requested in the CodeRabbit review, updated tests that expect
stateful behavior to explicitly use WithStateful(true) instead of
relying on the old default behavior.

Updated tests:
- TestStreamableHTTP_POST_SendAndReceive: expects session IDs in headers and 400 for invalid IDs
- TestStreamableHttpResourceGet: expects session ID in header
- TestStreamableHTTP_SessionWithLogging: expects session ID in header
- TestStreamableHTTP_SendNotificationToSpecificClient: both subtests expect session IDs in headers

This ensures tests explicitly opt into stateful mode when needed,
while the default remains stateless for multi-instance deployments.

* fix: enable coverage on main branch and add artifact retention

- Updated coverage job condition to run on push to main branch in addition to PRs
- Added 30-day artifact retention to ensure coverage artifacts are available for comparison
- This fixes the coverage triggers that were failing due to missing baseline artifacts

Now coverage will:
1. Run on main branch pushes to create baseline artifacts
2. Run on PRs to compare against baseline and ensure coverage doesn't decrease
3. Keep artifacts available for 30 days for proper comparison

- Add clientInfo and clientCapabilities fields to streamableHttpSession struct
- Implement GetClientInfo, SetClientInfo, GetClientCapabilities, SetClientCapabilities methods
- Add SessionWithClientInfo interface declaration
- Enable client capability checking for StreamableHTTP transport in stateful mode

Fixes #639