fix: AIFW-21696: ValidateMCPServersRequest allows omitting required fields

[vokit-cisco]

Summary

Fixes AIFW-21696 by enforcing required validation in MCP server validation request models.

This change makes missing validation inputs fail fast at model validation time, so incomplete payloads are rejected before request execution.

Changes

• Made ValidateMCPServersRequest.urls required (changed from optional to required).
• Made ValidateMCPServersRequest.transport_type required (changed from optional to required).
• Updated ValidateMCPServersRequest field descriptions to reflect required transport type.
• Added negative validation tests:
  • ValidateMCPServersRequest without urls raises ValidationError.
  • ValidateMCPServersRequest without transport_type raises ValidationError.
  • ValidateMCPServersRequest without both required fields raises ValidationError.

Test Plan

• Targeted unit tests pass: pytest -q aidefense/tests/test_mcp_scan_base.py -k missing_required_fields.
• Verified result: 3 passed, 84 deselected.
• Validation path confirmed for missing urls.
• Validation path confirmed for missing transport_type.
• Validation path confirmed for payloads missing both required fields.

Compatibility Notes

• Behavioral tightening: client code must now provide both urls and transport_type when building MCP server validation requests.
• Expected impact: integrations that relied on omitted required fields will now fail validation and should be updated accordingly.