Make MCP plugin tools configurable

Problem/Motivation

MCP currently exposes all available tools to authenticated users without the ability to control access on a per-tool basis. This creates security and usability challenges.

For example:

In the current state, MCP auth allows access to all tools exposed over MCP.

Some tools (e.g., field API-level tools) should only be accessible to users with the Content editor role.

Others (like RAG search) should be available to anonymous or a Search API consumer role.

There is currently no way to disable specific tools or restrict access by role. As the number of plugins grows, the lack of per-tool configurability limits flexibility and increases risk.

Proposed resolution

Add support for per-plugin configuration for MCP tools. Each tool should be configurable via the admin UI and/or configuration files. Proposed options:

• Enable or disable individual tools.
• Set role-based access restrictions for each tool (e.g., allow only specific roles).
• Allow editing or overriding the description text shown for each tool.