Handle deepagents mcp login <server>.
When config_path is omitted, auto-discovered MCP configs are merged in
the same precedence order as the runtime loader, with matching trust
gating: user-level configs are always included, but project-level configs
are only included when the trust store has a fingerprint match. An
untrusted project-level config (for example, a .mcp.json in a cloned
repo) is skipped so attacker-controlled headers entries cannot exfiltrate
local secrets during the OAuth handshake. When config_path is set, that
file alone is loaded and treated as explicitly trusted.
