## Fix Summary

The fix closes the DNS rebinding bypass in `SSEHandler` by adding the same localhost `Host` header validation already used in `StreamableHTTPHandler`. `SSEHandler.ServeHTTP` now rejects non-loopback `Host` headers with `403 Forbidden` when requests arrive over loopback addresses, unless protection is explicitly disabled through compatibility controls. This makes DNS rebinding protection consistent across both HTTP transport handlers.

## Changes Made

- **`mcp/sse.go`**
  - Added `net` and `internal/util` imports.
  - Extended `SSEOptions` with `DisableLocalhostProtection bool`.
  - Added localhost DNS rebinding protection at the start of `SSEHandler.ServeHTTP`:
    - Reads `http.LocalAddrContextKey`
    - Uses `util.IsLoopback` on local address and `req.Host`
    - Returns `403 Forbidden` for invalid Host headers
  - Reuses the existing compatibility override `disablelocalhostprotection` for behavior parity with the streamable handler.

- **`mcp/sse_test.go`**
  - Added `TestSSELocalhostProtection` to verify protection behavior for:
    - loopback + loopback host (allowed)
    - loopback + attacker host (blocked with 403)
    - wildcard listener reached via loopback + attacker host (blocked)
    - explicit disable option (request proceeds to normal handler behavior)
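
The check described above, as an added stand-alone Go example (not the go-sdk's own code): `isLoopbackHost` is a simplified stand-in for `util.IsLoopback`, `withLocalhostProtection` applies the `Host` validation using `http.LocalAddrContextKey`, and `statusFor` drives it over constructed requests; `attacker.example` and the addresses are constructed test values.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// isLoopbackHost: does a Host header or listener address (optional port; IPv4,
// IPv6, "localhost") name loopback? Simplified stand-in for util.IsLoopback.
func isLoopbackHost(hostport string) bool {
	host := hostport
	if h, _, err := net.SplitHostPort(hostport); err == nil {
		host = h // port present: keep only the host part
	}
	host = strings.TrimSuffix(strings.ToLower(strings.Trim(host, "[]")), ".")
	ip := net.ParseIP(host)
	return host == "localhost" || (ip != nil && ip.IsLoopback())
}

// withLocalhostProtection mirrors the check at the top of SSEHandler.ServeHTTP: a request accepted on a
// loopback local address (also a 0.0.0.0 listener reached via 127.0.0.1) must carry a loopback Host or gets 403.
func withLocalhostProtection(next http.Handler, disabled bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		la, ok := req.Context().Value(http.LocalAddrContextKey).(net.Addr)
		if !disabled && ok && isLoopbackHost(la.String()) && !isLoopbackHost(req.Host) {
			http.Error(w, "invalid Host header", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, req)
	})
}

// statusFor drives the wrapper with a constructed request carrying localAddr (a literal
// host:port) under http.LocalAddrContextKey, as net/http does for real connections.
func statusFor(localAddr, host string, disabled bool) int {
	addr, _ := net.ResolveTCPAddr("tcp", localAddr)
	req := httptest.NewRequest(http.MethodGet, "http://"+host+"/sse", nil)
	req = req.WithContext(context.WithValue(req.Context(), http.LocalAddrContextKey, addr))
	rec := httptest.NewRecorder()
	withLocalhostProtection(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) }), disabled).ServeHTTP(rec, req)
	return rec.Code
}

func main() { fmt.Println(statusFor("127.0.0.1:8080", "attacker.example", false)) } // prints 403
```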

## Verification Steps

1. Applied the fix and formatted code:
   - `gofmt -w mcp/sse.go mcp/sse_test.go`

2. Ran focused SSE tests:
   - `go test ./mcp -run 'TestSSE(LocalhostProtection|405AllowHeader|Server)$' -count=1`
   - Output: `ok github.com/modelcontextprotocol/go-sdk/mcp 0.010s`

3. Ran both streamable and SSE localhost-protection tests together:
   - `go test ./mcp -run 'Test(StreamableLocalhostProtection|SSELocalhostProtection)' -count=1`
   - Output: `ok github.com/modelcontextprotocol/go-sdk/mcp 0.011s`

4. Generated patch artifact:
   - `coding/proposed_fix.diff`

These results demonstrate that requests with attacker-controlled `Host` headers are now rejected for SSE localhost traffic, resolving the unprotected path identified in the variant RCA.

## Test Results

- **Passed**: SSE-specific behavior tests (`TestSSEServer`, `TestSSE405AllowHeader`, `TestSSELocalhostProtection`; focused subset run)
- **Passed**: Localhost protection parity tests across both handlers (`StreamableHTTPHandler` + `SSEHandler`)
- **Edge cases covered**:
  - loopback listener accepting loopback hosts
  - loopback listener rejecting non-loopback host
  - wildcard listener connection via loopback still protected
  - explicit opt-out (`DisableLocalhostProtection`) retains compatibility path

## Remaining Concerns

- The compatibility bypass (`MCPGODEBUG=disablelocalhostprotection=1`) and the explicit option (`DisableLocalhostProtection`) remain available by design; they should be removed or further restricted in a future major or minor release as planned.
- SSE transport is legacy/deprecated in the spec timeline; ensure any future transport handlers inherit the same centralized localhost protection checks to avoid coverage gaps.