Consolidate Google Workspace MCP integration: multi-service support with unified resource and token exchange

[yosrixp]

Summary

• Expand Google Workspace integration from a single Google provider to 12 service-specific MCP servers
  (Drive, Docs, Sheets, Slides, Gmail, Calendar, Tasks, Chat, Forms, Keep, Meet) plus a shared
  google-cloud-platform provider for services using the cloud-platform scope (e.g. Transcoder, Apigee)
• Consolidate all Google Workspace JAX-RS resource classes into a single GoogleWorkspaceResource using
  @Path regex with @PathParam — replacing 13 classes (1 abstract base + 12 subclasses) with 1
• Consolidate all Google Workspace token exchange implementations into a single @Dependent
TokenExchangeServiceGoogleWorkspaceImpl managed by TokenExchangeServiceProducer via CDI Instance —
  replacing 12 near-identical classes with 1
• Deduplicate Helm chart config using range loops over googleWorkspaceServices list in values.yaml,
  and YAML anchors in application.dev.yaml for shared Google OAuth credentials and remote-server entries
• Fix CustomTokenStateManager.getProviderFromOidcConfig() to return the unique OIDC tenant ID instead of
  the generic provider type, resolving token collision between Google tenants

Changes

Java

• GoogleWorkspaceResource — single class with @Path("/{provider: google-(?:drive|docs|...)}/authorize")
  handles all 12 Google OAuth callbacks via @PathParam("provider")
• TokenExchangeServiceGoogleWorkspaceBase — shared token refresh logic with settable providerLabel
• TokenExchangeServiceGoogleWorkspaceImpl — single @Dependent bean instantiated per provider by the producer
• TokenExchangeServiceProducer — @PostConstruct loop creates and caches one instance per Google provider
• OauthProviderLabel — added constants for all Google Workspace services + google-cloud-platform
• CustomTokenStateManager — fixed tenant ID resolution for multi-tenant Google OIDC

Configuration

• application.yaml — 12 Google OIDC tenants with shared credentials via YAML anchor &google-workspace-creds
• application.dev.yaml — full dev config with service-specific scopes, resource mappings on port 4000,
  and YAML anchors for remote-server deduplication
• configmap.yaml — Helm range loops for HTTP permissions, OIDC tenants, and remote-server entries
• values.yaml — googleWorkspaceServices list driving all Helm loops
• Stage/Prod values — resource mappings for all services via dev-mcp-gateway / mcp-gateway

Tests

• Unified GoogleWorkspaceResourceTest with @ParameterizedTest over all providers
• Unified TokenExchangeServiceGoogleWorkspaceImplTest with parameterized provider label tests
• Updated TokenExchangeServiceProducerTest for map-based Google provider resolution

Test plan

• Verify Google Drive OAuth flow works end-to-end (authorize → callback → token storage → refresh)
• Verify Google Cloud Platform OAuth flow works for Transcoder MCP resource
• Verify non-Google providers (Okta, Atlassian, GitHub, Slack, Embrace) are unaffected
• Verify Helm template renders correctly with helm template for stage and prod values
• Run full test suite: mvn test