fix(mcp): DNS-Rebinding-Schutz aus (server-to-server+Bearer) + MCP-Dienst expose-only

- FastMCP transport_security: enable_dns_rebinding_protection nur an, wenn
  MCP_ALLOWED_HOSTS gesetzt; sonst aus (sonst HTTP 421 "Invalid Host header" bei
  Aufrufen über nginx/Container-Name). Bearer bleibt die Zugriffskontrolle.
- bp-compliance-mcp: Host-Port-Mapping entfernt (8099 war von bp-core-health
  belegt) → expose-only im breakpilot-network, Routing via nginx (Folgeschritt).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

backend-compliance/compliance/mcp/server.py

@@ -17,11 +17,22 @@ import os
 from typing import Optional
 
 from mcp.server.fastmcp import FastMCP
+from mcp.server.transport_security import TransportSecuritySettings
 
 from compliance.api.cra_annex_i_data import ANNEX_I_REQUIREMENTS
 from compliance.services.cra_finding_mapper import assess_findings_payload
 
-mcp = FastMCP("breakpilot-cra")
+# We are a server-to-server, Bearer-gated API behind nginx — not a browser target.
+# FastMCP's DNS-rebinding protection rejects unknown Host headers (HTTP 421); keep
+# it OFF unless MCP_ALLOWED_HOSTS pins an explicit allowlist (comma-separated).
+_ALLOWED = [h.strip() for h in (os.environ.get("MCP_ALLOWED_HOSTS") or "").split(",") if h.strip()]
+_SECURITY = TransportSecuritySettings(
+    enable_dns_rebinding_protection=bool(_ALLOWED),
+    allowed_hosts=_ALLOWED,
+    allowed_origins=_ALLOWED,
+)
+
+mcp = FastMCP("breakpilot-cra", transport_security=_SECURITY)
 
 
 @mcp.tool(