Prettify permissions validation error messages

[Copilot]

Permissions validation error messages contained redundant prefixes and verbose formatting that made them harder to scan. The compiler already adds "error:" and "warning:" labels, making the "ERROR:" and "WARNING:" prefixes in the message text redundant.

Changes

• Remove redundant prefixes: Drop "ERROR:" and "WARNING:" from message text (compiler adds these)
• Inline toolset context: Show (required by <toolset>) next to each permission instead of separate "Required by toolsets:" section
• Simplify branding: Change "GitHub MCP toolsets" → "github toolsets"
• Reduce verbosity: Remove unnecessary phrases like "Suggested fix:" and "Principle of least privilege:"

Before/After

Missing permissions:

- ERROR: Missing required permissions for GitHub MCP toolsets:
+ Missing required permissions for github toolsets:
    - issues: read
-   - pull-requests: read
- 
- Required by toolsets:
-   - issues: needs issues
-   - pull_requests: needs pull-requests
- 
- Suggested fix: Add the following to your workflow frontmatter:
+   - pull-requests: read (required by pull_requests)
+ 
+ Add to your workflow frontmatter:
  permissions:
    issues: read
    pull-requests: read

Excess permissions:

- WARNING: Over-provisioned permissions detected for GitHub MCP toolsets:
-   - issues: write (not required by configured toolsets)
+ Over-provisioned permissions detected for github toolsets:
+   - issues: write (not required)
  
- Principle of least privilege: Only grant permissions that are needed.
- Consider removing these permissions or adjusting your toolsets configuration.
+ Only grant permissions that are needed.

Result: 45% fewer lines for missing permissions, 50% fewer for excess permissions.

Original prompt

Pretify the permissions error message.

• avoid ERROR/WARNING as they are already rendered
• make it more compact
• GitHub MCP -> "github"
• merge Required by toolsets:... into error description.

pkg/cli/workflows/test-template-github-actions-syntax.md:1:1: error: ERROR: Missing required permissions for GitHub MCP toolsets:
  - issues: read
  - pull-requests: read

Required by toolsets:
  - issues: needs issues
  - pull_requests: needs pull-requests

Suggested fix: Add the following to your workflow frontmatter:
permissions:
  issues: read
  pull-requests: read

pkg/cli/workflows/test-template-issue-context.md:1:1: error: ERROR: Missing required permissions for GitHub MCP toolsets:
  - pull-requests: read

Required by toolsets:
  - pull_requests: needs pull-requests

Suggested fix: Add the following to your workflow frontmatter:
permissions:
  pull-requests: read

WARNING: Over-provisioned permissions detected for GitHub MCP toolsets:
  - issues: write (not required by configured toolsets)

Principle of least privilege: Only grant permissions that are needed.
Consider removing these permissions or adjusting your toolsets configuration.

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[github-actions]

Agentic Changeset Generator triggered by this pull request.

[Copilot]

Pull Request Overview

This PR modernizes and simplifies permissions validation error messages by removing redundant prefixes, reducing verbosity, and inlining contextual information. The changes make error messages more scannable while maintaining all essential information.

Key changes:

• Remove redundant "ERROR:" and "WARNING:" prefixes since the compiler already adds these labels
• Inline toolset context directly with each permission instead of using a separate "Required by toolsets:" section
• Simplify branding from "GitHub MCP toolsets" to "github toolsets"

Reviewed Changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
pkg/workflow/permissions_validator.go	Main implementation of improved error message formatting with inline toolset context
pkg/workflow/permissions_validator_test.go	Updated test expectations to match new message format
pkg/workflow/permissions_excess_compilation_test.go	Updated warning detection logic and expected messages
pkg/workflow/compiler_test.go	Minor test configuration update
pkg/workflow/schemas/github-workflow.json	Schema formatting improvements (unrelated to main PR purpose)
.github/workflows/*.lock.yml	GitHub Actions version updates (unrelated to main PR purpose)

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The nested loop creates O(n*m) complexity for finding which toolsets require each permission. Consider pre-computing a reverse map from scope to toolsets to improve performance when there are many toolsets and permissions.

See below for a potential fix:

	// Precompute reverse map: scope -> toolsets
	scopeToToolsets := make(map[PermissionScope][]string)
	if len(result.MissingToolsetDetails) > 0 {
		for toolset, toolsetScopes := range result.MissingToolsetDetails {
			for _, ts := range toolsetScopes {
				scopeToToolsets[ts] = append(scopeToToolsets[ts], toolset)
			}
		}
	}

	for _, scopeStr := range scopes {
		scope := PermissionScope(scopeStr)
		level := result.MissingPermissions[scope]

		// Lookup which toolsets need this permission
		requiredBy := scopeToToolsets[scope]