feat(mcp): #30 add every_tool and does_not_accept for catalog-wide tool assertions

[othercodes]

Closes #30.

Summary

• AssertableToolList.every_tool(callback) — applies the callback to every tool in the list. Useful for catalog-wide invariants (auth scopes, feature flags) without enumerating every tool name. Skips non-dict entries silently, consistent with existing contains_tool / does_not_contain_tool.
• AssertableToolDef.does_not_accept(params) — asserts that the named params are NOT exposed in inputSchema.properties (covers both required and optional). Single inverse instead of the two proposed in the issue — see the issue comment for rationale.

Both methods follow the module's existing conventions (raise AssertionError, tool name in messages, defensive against missing inputSchema/properties).

Scope note

The issue proposed does_not_accept_optional. After discussion we settled on does_not_accept (single method, semantically cleaner). Comment on the issue explains why.

Test plan

• every_tool: applies callback to each, propagates assertion errors with tool name, passes silently on empty list, skips non-dicts, returns Self for chaining.
• does_not_accept: passes when params absent, passes when no inputSchema, raises with tool name and offending properties when present, returns Self for chaining.
• mypy strict clean.
• 100% coverage maintained.
• ruff lint + format clean.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud