refactor: address code review - use logger.LogInfo for tool filtering, use client category for denied tool call warning

Agent-Logs-Url: https://github.com/github/gh-aw-mcpg/sessions/00582754-0d76-4bb6-a950-0cd6ff534f1b

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>

Author: Copilot

internal/server/tool_registry.go

@@ -199,7 +199,7 @@ func (us *UnifiedServer) registerToolsFromBackend(serverID string) error {
 				}
 			}
 			if n < len(listResult.Tools) {
-				log.Printf("[allowed-tools] Filtered %d tools from %s: keeping %d of %d",
+				logger.LogInfo("backend", "[allowed-tools] Filtered %d tools from %s: keeping %d of %d",
 					len(listResult.Tools)-n, serverID, n, len(listResult.Tools))
 			}
 			listResult.Tools = listResult.Tools[:n]

internal/server/unified.go

@@ -425,7 +425,7 @@ func (us *UnifiedServer) callBackendTool(ctx context.Context, serverID, toolName
 	// This is a server-side guard so agents cannot bypass client-side --allowed-tools
 	// filters by sending raw tools/call requests directly to the gateway.
 	if !us.isToolAllowed(serverID, toolName) {
-		logger.LogWarn("auth", "tools/call denied: tool=%q not in allowed-tools for session=%s",
+		logger.LogWarn("client", "tools/call denied: tool=%q not in allowed-tools for session=%s",
 			toolName, auth.TruncateSessionID(sessionID))
 		httpStatusCode = 403
 		deniedErr := fmt.Errorf("tool %q is not in the allowed-tools list for this session", toolName)