Add client-side tool call interceptor (annotation-aware policy enforcement)

[ericstj]

The MCP C# SDK v1.1.0 exposes ToolAnnotations via McpClientTool.ProtocolTool.Annotations, but provides no built-in mechanism for a host to inspect those annotations and decide whether to allow invocation.

The server-side filter pipeline (WithRequestFilters(f => f.AddCallToolFilter(...))) has no client-side equivalent. McpClientOptions has no ToolCallPolicy or BeforeToolCall hook. McpClientHandlers only handles server→client requests (Sampling, Elicitation).

Proposed API

var client = await McpClient.CreateAsync(transport, new McpClientOptions
{
    ToolCallFilter = async (toolName, annotations, args, next, ct) =>
    {
        if (annotations?.DestructiveHint == true)
            throw new ToolBlockedException("Requires confirmation");
        return await next(toolName, args, ct);
    }
});

Without this, hosts must manually wrap every McpClientTool before passing to an IChatClient, and any unwrapped path bypasses policy entirely.

See also: https://modelcontextprotocol.io/blog/2026-03-16-tool-annotations (lethal trifecta attack pattern)