MCP session management

[Azquelt]

The protocol includes session management.

We should support this since it makes handling cancellation requests much safer.

• Generate, store and return a session ID in response to the initialization message
• Validate the session on every request
  • Return the correct response if a valid session ID is not supplied
• Allow the client to delete a session
• Use the session ID along with the request ID to identify a request for cancellation
• Write a session utility for tests so that in each test we can
  • initialize and start a session at the start of the test
  • provide the correct session ID with every request
  • delete the session at the end of the test
  • this should probably be written as a JUnit TestRule
• Ensure that abandoned sessions are eventually cleaned up