Fix auth loss when querying backend capabilities

QueryCapabilities was manually creating BackendTarget but omitted
AuthStrategy and AuthMetadata fields, causing all backends to fall
back to unauthenticated strategy during capability queries.

Replace manual struct creation with BackendToTarget() helper to
ensure all fields (including auth) are properly copied from Backend
to BackendTarget.

This bug prevented per-backend authentication from working during
the initial capability discovery phase, even though auth was
correctly configured by the discoverer.

Author: jhrozek

pkg/vmcp/aggregator/default_aggregator.go

@@ -49,14 +49,8 @@ func (a *defaultAggregator) QueryCapabilities(ctx context.Context, backend vmcp.
 	logger.Debugf("Querying capabilities from backend %s", backend.ID)
 
 	// Create a BackendTarget from the Backend
-	target := &vmcp.BackendTarget{
-		WorkloadID:    backend.ID,
-		WorkloadName:  backend.Name,
-		BaseURL:       backend.BaseURL,
-		TransportType: backend.TransportType,
-		HealthStatus:  backend.HealthStatus,
-		Metadata:      backend.Metadata,
-	}
+	// Use BackendToTarget helper to ensure all fields (including auth) are copied
+	target := vmcp.BackendToTarget(&backend)
 
 	// Query capabilities using the backend client
 	capabilities, err := a.backendClient.ListCapabilities(ctx, target)