Eliminate persistent “Redact secrets in logs” warnings by running MCP gateway as runner user

[Copilot]

The agent job was consistently emitting warning annotations during Redact secrets in logs because key MCP log files under /tmp/gh-aw/mcp-logs were not readable by the step user. This caused noisy warning badges and prevented redaction from processing those logs.

• Runtime ownership fix in generated MCP gateway command

  • Updated workflow generation to run the MCP gateway container with the current runner UID/GID.
  • This ensures logs created through /tmp bind mounts are readable by downstream redaction/upload steps.

• Coverage for generated command contract

  • Added an integration test asserting the compiled workflow includes the explicit Docker user mapping for MCP gateway startup.

docker run -i --rm --network host --user $(id -u):$(id -g) ...

[pelikhan]

@lpcox