fix(plugin): wire .mcp.json remote MCP server for plugin installs

[lxcong]

Summary

• The repo already ships as a Claude Code plugin (.claude-plugin/plugin.json + marketplace.json), but .mcp.json was empty ({ "mcpServers": {} }), so installing the plugin registered no MCP server — the skill loaded with no tools to call.
• Wire .mcp.json to register a type: http server at https://api.agentkey.app/v1/mcp, injecting the API key via the documented ${user_config.AGENTKEY_API_KEY} interpolation (the manifest already declares userConfig.AGENTKEY_API_KEY). ${CLAUDE_PLUGIN_OPTION_*} env vars only apply to stdio/subprocess servers, not to an http server header.
• Correct the now-misleading .mcp.json guidance in .claude/CLAUDE.md, and document the public marketplace install path (/plugin marketplace add chainbase-labs/agentkey) in README.md + docs/README_zh.md.

Scope: only .mcp.json, .claude/CLAUDE.md, README.md, docs/README_zh.md (+28/-10). Version/release files untouched; the fix: lets release-please cut 1.9.1 on merge.

Test Plan

• claude plugin validate . passes
• Local end-to-end (isolated config): claude plugin marketplace add ./ + claude plugin install agentkey@agentkey --config AGENTKEY_API_KEY=… → plugin:agentkey:agentkey … ✓ Connected, confirming ${user_config.*} is interpolated into the auth header and the server authenticates
• bats tests/ 10/10 pass
• Reviewer sanity-check of the 4-file diff

🤖 Generated with Claude Code

[lxcong]

@claude review

[github-actions]

🤖 Claude security review requested by @lxcong. Running against HEAD 02f4220e91e5653f5c5d71128351aaa2a442ee40...

[claude]

🤖 Claude security review — HEAD: 02f4220

Scope: 4 files — .mcp.json remote MCP wiring, CLAUDE.md guidance update, README/README_zh docs

✅ No security or convention issues found.

Checks performed:

• Credentials/secrets: Bearer ${user_config.AGENTKEY_API_KEY} is a template interpolation placeholder, not a hardcoded value — no secrets in diff.
• Shell/CI attack surface: No *.sh, *.ps1, or workflow files changed.
• Protected files: None of the release-please-managed files (version.txt, plugin.json version, CHANGELOG.md, .release-please-manifest.json) were touched.
• Repo invariants: check-update.sh, install.sh, install.ps1 are unchanged.
• PR title: fix(plugin): wire .mcp.json remote MCP server for plugin installs — valid conventional-commit format.
• .mcp.json correctness: type: http with ${user_config.AGENTKEY_API_KEY} interpolation is the correct approach for remote HTTP MCP servers (as opposed to ${CLAUDE_PLUGIN_OPTION_*} which is stdio-only); the CLAUDE.md update accurately documents this distinction.

Review triggered by @lxcong
via @claude review.