Update ToolHive reference docs for v0.4.2 (#259)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

Author: github-actions[bot]

docs/toolhive/reference/cli/thv_run.md

@@ -110,6 +110,7 @@ thv run [flags] SERVER_OR_IMAGE_OR_PROTOCOL [-- ARGS...]
       --oidc-audience string                       Expected audience for the token
       --oidc-client-id string                      OIDC client ID
       --oidc-client-secret string                  OIDC client secret (optional, for introspection)
+      --oidc-insecure-allow-http                   Allow HTTP (non-HTTPS) OIDC issuers for local development/testing (WARNING: Insecure!)
       --oidc-introspection-url string              URL for token introspection endpoint
       --oidc-issuer string                         OIDC issuer URL (e.g., https://accounts.google.com)
       --oidc-jwks-url string                       URL to fetch the JWKS from

static/api-specs/toolhive-api.yaml

@@ -61,6 +61,11 @@ components:
         clientSecret:
           description: ClientSecret is the optional OIDC client secret for introspection
           type: string
+        insecureAllowHTTP:
+          description: |-
+            InsecureAllowHTTP allows HTTP (non-HTTPS) OIDC issuers for development/testing
+            WARNING: This is insecure and should NEVER be used in production
+          type: boolean
         introspectionURL:
           description: IntrospectionURL is the optional introspection endpoint for
             validating tokens