feat(backend): Implement Story 5.4 - MCP Error Handling & Logging

Implement comprehensive error handling and structured logging for MCP module.

**Exception Hierarchy**:
- Created McpException base class with JSON-RPC error mapping
- Implemented 8 specific exception types (Parse, InvalidRequest, MethodNotFound, etc.)
- Each exception maps to correct HTTP status code (401, 403, 404, 422, 400, 500)

**Middleware**:
- McpCorrelationIdMiddleware: Generates/extracts correlation ID for request tracking
- McpExceptionHandlerMiddleware: Global exception handler with JSON-RPC error responses
- McpLoggingMiddleware: Request/response logging with sensitive data sanitization

**Serilog Integration**:
- Configured structured logging with Console and File sinks
- Log rotation (daily, 30-day retention)
- Correlation ID enrichment in all log entries

**Features**:
- Correlation ID propagation across request chain
- Structured logging with TenantId, UserId, ApiKeyId
- Sensitive data sanitization (API keys, passwords)
- Performance metrics (request duration, slow request warnings)
- JSON-RPC 2.0 compliant error responses

**Testing**:
- 174 tests passing (all MCP module tests)
- Unit tests for all exception classes
- Unit tests for all middleware components
- 100% coverage of error mapping and HTTP status codes

**Files Added**:
- 9 exception classes in Domain/Exceptions/
- 3 middleware classes in Infrastructure/Middleware/
- 4 test files with comprehensive coverage

**Files Modified**:
- Program.cs: Serilog configuration
- McpServiceExtensions.cs: Middleware pipeline registration
- JsonRpcError.cs: Added parameterless constructor for deserialization
- MCP Infrastructure .csproj: Added Serilog package reference

**Verification**:
✅ All 174 MCP module tests passing
✅ Build successful with no errors
✅ Exception-to-HTTP-status mapping verified
✅ Correlation ID propagation tested
✅ Sensitive data sanitization verified

Story: docs/stories/sprint_5/story_5_4.md

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

colaflow-api/src/Modules/Mcp/ColaFlow.Modules.Mcp.Infrastructure/Extensions/McpServiceExtensions.cs

@@ -48,14 +48,28 @@ public static class McpServiceExtensions
 
     /// <summary>
     /// Adds MCP middleware to the application pipeline
-    /// IMPORTANT: Add authentication middleware BEFORE MCP middleware
+    /// IMPORTANT: Middleware order matters - must be in this sequence:
+    /// 1. Correlation ID (for request tracking)
+    /// 2. Exception Handler (catches all errors)
+    /// 3. Logging (logs requests/responses)
+    /// 4. Authentication (validates API key)
+    /// 5. MCP Protocol Handler (processes MCP requests)
     /// </summary>
     public static IApplicationBuilder UseMcpMiddleware(this IApplicationBuilder app)
     {
-        // Authentication middleware MUST come first
+        // 1. Correlation ID middleware (FIRST - needed for all subsequent logging)
+        app.UseMiddleware<McpCorrelationIdMiddleware>();
+
+        // 2. Exception handler (SECOND - catches all errors from downstream middleware)
+        app.UseMiddleware<McpExceptionHandlerMiddleware>();
+
+        // 3. Logging middleware (THIRD - logs request/response with correlation ID)
+        app.UseMiddleware<McpLoggingMiddleware>();
+
+        // 4. Authentication middleware (FOURTH - validates API key)
         app.UseMiddleware<McpApiKeyAuthenticationMiddleware>();
 
-        // Then the MCP protocol handler
+        // 5. MCP protocol handler (LAST - processes the actual MCP request)
         app.UseMiddleware<McpMiddleware>();
 
         return app;