Aligns the integration with the four wire-level changes shipped in
media-server v0.3.0/0.3.1 without breaking back-compat with older
server versions or pre-existing config entries.
- WebSocket auth via Sec-WebSocket-Protocol: media-server.token.<T>
(preferred by server v0.3.0+). The ?token= query is still sent so
older servers and unauthenticated mode both keep working — aiohttp
completes the handshake even when the server doesn't echo the
subprotocol back.
- 429 Too Many Requests surfaced as MediaServerRateLimitError with
Retry-After parsed; execute_script() sleeps min(retry_after, 30)
and retries once before falling through to the caller.
- Optional HTTPS/WSS (CONF_USE_SSL) + optional certificate verification
toggle (CONF_VERIFY_SSL) wired through the config flow, client, and
WebSocket. Defaults preserve http+verified behaviour, so existing
config entries are unchanged.
- X-Request-ID header (uuid4 hex) on every HTTP call so HA-side issues
can be cross-referenced with the server's access/audit logs. The
format matches the server's ^[A-Za-z0-9._-]{1,128}\$ allow-list so
the id is preserved verbatim instead of being replaced server-side.
Bumps manifest version to 0.3.3.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
alexei.dolgolyov
97c1784ad4