
fix runtime request object auth #7

Open
Jing-command wants to merge 1 commit into main from fix/runtime-task-object-auth

@Jing-command
Owner

Summary

  • bind runtime ping and update reads to the route runtime instead of loading request rows by global ID alone
  • bind daemon ping and update result writes to the route runtime so a known request ID cannot be completed from another runtime
  • add handler regressions covering cross-workspace reads and cross-runtime result submission

Test plan

  • go -C "/Users/a1234/multica/.worktrees/runtime-task-object-auth/server" test ./internal/handler -run 'Test(PingPersistsAcrossHandlerRestart|UpdatePersistsAcrossHandlerRestart|GetPingReturnsPersistedTerminalStateWhenTimeoutUpdateLosesRace|GetUpdateReturnsPersistedTerminalStateWhenTimeoutUpdateLosesRace|GetPingTimesOutAfterHeartbeatClaimsIt|GetPingRejectsPingFromAnotherWorkspaceRuntime|GetUpdateRejectsUpdateFromAnotherWorkspaceRuntime|ReportPingResultRejectsPingBoundToAnotherRuntime|ReportUpdateResultRejectsUpdateBoundToAnotherRuntime)$'
  • make -C "/Users/a1234/multica/.worktrees/runtime-task-object-auth" test ENV_FILE=.env.worktree

🤖 Generated with Claude Code

Require runtime-scoped ping and update lookups and result writes so known global request IDs cannot cross runtime or workspace boundaries.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings April 16, 2026 16:23
Copilot AI left a comment

Pull request overview

This PR tightens authorization around runtime “request objects” (ping/update) by binding reads and result writes to the runtime ID from the route, preventing cross-workspace reads and cross-runtime completion when a request UUID is known.

Changes:

  • Add runtime-scoped SQL queries for fetching and completing/failing runtime ping and update requests.
  • Update ping/update handlers to enforce runtime binding for reads and daemon result submissions, and to validate workspace membership via the route runtime.
  • Add regression tests covering cross-workspace reads and cross-runtime result submission rejections.

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| server/pkg/db/queries/runtime_request.sql | Adds ...ForRuntime query variants that scope reads/writes by (id, runtime_id). |
| server/pkg/db/generated/runtime_request.sql.go | Regenerates sqlc output for the new runtime-scoped query methods and params. |
| server/internal/handler/runtime_ping.go | Uses runtime-scoped ping queries and enforces runtime/workspace binding on read and result write paths. |
| server/internal/handler/runtime_update.go | Uses runtime-scoped update queries and enforces runtime/workspace binding on read and result write paths. |
| server/internal/handler/handler_test.go | Adds helpers + regressions for cross-workspace read and cross-runtime result submission. |
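
The scoping described in this review, as an added Go example that is not code from the pull request: a constructed in-memory model in which every type, field and function name is hypothetical. It contrasts a lookup by global ID alone with one matched on (id, runtime ID), and shows the read and result-write paths rejecting a known request ID presented through another runtime.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed model; every type, field and function name here is hypothetical.
type Ping struct{ RuntimeID, Status string }
type Store struct {
	pings     map[string]*Ping  // global request ID -> row
	workspace map[string]string // runtime ID -> owning workspace ID
}

var ErrNotFound = errors.New("not found")

// GetPing is the pre-fix shape: the global ID alone selects the row.
func (s *Store) GetPing(id string) *Ping { return s.pings[id] }

// GetPingForRuntime matches on (id, runtime_id); a mismatch reads as a missing row.
func (s *Store) GetPingForRuntime(id, runtimeID string) (*Ping, error) {
	if p, ok := s.pings[id]; ok && p.RuntimeID == runtimeID {
		return p, nil
	}
	return nil, ErrNotFound
}

// ReadPing checks workspace membership via the route runtime, then does the scoped lookup.
func (s *Store) ReadPing(callerWS, routeRuntime, pingID string) (*Ping, error) {
	if ws, ok := s.workspace[routeRuntime]; !ok || ws != callerWS {
		return nil, ErrNotFound
	}
	return s.GetPingForRuntime(pingID, routeRuntime)
}

// ReportPingResult lets only the runtime the request is bound to complete it.
func (s *Store) ReportPingResult(routeRuntime, pingID string) error {
	p, err := s.GetPingForRuntime(pingID, routeRuntime)
	if err == nil {
		p.Status = "completed"
	}
	return err
}

func sampleStore() *Store { // constructed sample data: ping-1 is bound to rt-a in ws-a
	return &Store{pings: map[string]*Ping{"ping-1": {"rt-a", "pending"}},
		workspace: map[string]string{"rt-a": "ws-a", "rt-b": "ws-b"}}
}

func main() { fmt.Println(sampleStore().ReportPingResult("rt-b", "ping-1")) }
```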

Comment on lines +1912 to +1913
getReq := withURLParam(newRequest("GET", "/api/runtimes/"+mustGetHandlerTestRuntimeID(t)+"/ping/"+created.ID, nil), "runtimeId", mustGetHandlerTestRuntimeID(t))
getReq = withURLParam(getReq, "pingId", created.ID)

Copilot AI Apr 16, 2026

mustGetHandlerTestRuntimeID(t) is called twice when building the request, which performs two separate DB lookups and repeats the same work. Store it in a local variable once (e.g., runtimeID := mustGetHandlerTestRuntimeID(t)) and reuse it for both the path and the URL param to keep the test cheaper and clearer.

Comment on lines +1942 to +1943
getReq := withURLParam(newRequest("GET", "/api/runtimes/"+mustGetHandlerTestRuntimeID(t)+"/update/"+created.ID, nil), "runtimeId", mustGetHandlerTestRuntimeID(t))
getReq = withURLParam(getReq, "updateId", created.ID)

Copilot AI Apr 16, 2026

mustGetHandlerTestRuntimeID(t) is called twice when building the request, resulting in duplicate DB queries for the same runtime ID. Assign it to a variable once and reuse it for both the path and the URL param to avoid unnecessary work and make the test easier to read.
