fix(mcp): fix stale patch target in auth tests and update stale docstring

_mock_sm_ctx now sets find_user_with_relationships.return_value = None so
JWT/dev-user lookups that delegate through the (now refactored)
load_user_with_relationships → security_manager.find_user_with_relationships
path behave as "user not found" in unit tests that don't patch the DB — matching
the behavior of the previous direct db.session.query() implementation.

Without this, tests that expected ValueError("not found") received a truthy
MagicMock() from the unspecified mock method, causing them to fail.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

tests/unit_tests/mcp_service/test_auth_api_key.py

@@ -86,7 +86,14 @@ def _disable_api_keys(app: SupersetApp) -> Generator[None, None, None]:
 
 @contextmanager
 def _mock_sm_ctx(app: SupersetApp, mock_sm: MagicMock):
-    """Push an app context with g.user cleared and appbuilder.sm mocked."""
+    """Push an app context with g.user cleared and appbuilder.sm mocked.
+
+    Defaults find_user_with_relationships to None so JWT/dev-user lookups
+    that hit the SM (via load_user_with_relationships) behave as "user not
+    found" without a real DB, matching the pre-refactor db.session behavior.
+    Tests that need a specific return value should set it on mock_sm directly.
+    """
+    mock_sm.find_user_with_relationships.return_value = None
     with app.app_context():
         g.user = None
         app.appbuilder = MagicMock()