
fix: pin AWF container images to specific firewall version#30

Merged
jamesadevine merged 1 commit into main from fixup-docker-pull
Mar 16, 2026

Conversation

@jamesadevine (Collaborator)

Pulls versioned Docker images (e.g. `ghcr.io/.../squid:v0.5.0`) instead of `:latest` to ensure reproducible builds, then tags them as `:latest` for backward compatibility with AWF.

This prevents silent breakage when upstream images are updated.

Pull versioned Docker images instead of :latest to ensure reproducible
builds, then tag them as :latest for backward compatibility with AWF.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
jamesadevine merged commit bb92c9c into main on Mar 16, 2026
3 checks passed
@github-actions (Contributor)

🔍 Rust PR Review

Summary: Looks good — clean, correct change with no issues.

Findings

✅ What Looks Good

  • Correct version source: {{ firewall_version }} maps to the AWF_VERSION constant ("0.23.1") in src/compile/common.rs, so the pulled image tag (v0.23.1) is guaranteed to match the AWF binary downloaded just above it in the same pipeline step. No version skew possible.
  • Symmetric update: Both occurrences in templates/base.yml (the PerformAgenticTask job and the ProcessSafeOutputs job) are updated identically — no missed site.
  • docker tag rationale is sound: Re-tagging the pinned image as :latest is the right pattern when AWF references its own container images by the :latest tag internally. Avoids having to patch AWF's internals.
  • Security improvement: Pulling by digest-equivalent versioned tag eliminates silent breakage from upstream image mutations — a real supply-chain risk with :latest.

No bugs, logic issues, or security concerns found.

Generated by Rust PR Reviewer for issue #30
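The pull-then-retag pattern described in the PR description and the review above, as an added example (not code from the PR, the AWF project, or templates/base.yml): a POSIX shell script that builds the image reference from the same version string as the AWF binary, rejects anything that is not a plain semver string (so an empty or `latest` interpolation cannot reach the tag), pulls the pinned tag, and re-tags it as `:latest`. It goes one step beyond the PR: a version tag is still mutable in the registry, so an optional expected digest is compared against the pulled image's `RepoDigests`, and a re-pushed `v0.23.1` fails the step instead of landing silently. The registry path `ghcr.io/example/awf/squid`, the digest values and the `DOCKER` override variable are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the PR or AWF): pull AWF's container images by the
# same version as the AWF binary, optionally verify the digest, and re-tag as
# :latest because AWF references its images by that tag internally.
# Assumptions: the image path, digests and the DOCKER override are
# illustrative; the real values live in templates/base.yml.

# Command used to talk to the daemon. Point DOCKER at a shell function to
# dry-run the logic without a Docker daemon.
: "${DOCKER:=docker}"

# Accept only MAJOR.MINOR.PATCH so a stray "latest", a "v"-prefixed value or
# a failed template interpolation ("") never becomes part of the image tag.
valid_version() {
  printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'
}

# Build the versioned reference: <base>:v<version>.
# $1 = base image (e.g. ghcr.io/example/awf/squid), $2 = firewall version.
versioned_ref() {
  valid_version "$2" || return 1
  printf '%s:v%s\n' "$1" "$2"
}

# Pull the pinned tag, optionally check its digest, then re-tag as :latest.
# $1 = base image, $2 = firewall version, $3 = expected "sha256:..." (optional).
pin_and_retag() {
  base="$1"; version="$2"; expected_digest="${3:-}"

  ref=$(versioned_ref "$base" "$version") || {
    echo "refusing to pull: invalid firewall version '$version'" >&2
    return 1
  }

  "$DOCKER" pull "$ref" || return 1

  if [ -n "$expected_digest" ]; then
    # RepoDigests entries look like "<repo>@sha256:<hex>"; keep the part after '@'.
    actual=$("$DOCKER" image inspect --format '{{index .RepoDigests 0}}' "$ref") || return 1
    actual="${actual#*@}"
    if [ "$actual" != "$expected_digest" ]; then
      echo "digest mismatch for $ref: got $actual, expected $expected_digest" >&2
      return 1
    fi
  fi

  # Backward compatibility: AWF looks for <base>:latest, so alias the pinned
  # image to that tag locally. The registry's :latest is never pulled.
  "$DOCKER" tag "$ref" "$base:latest"
}
```

In a workflow step this is one call per image, `pin_and_retag <image> "<firewall_version>" [<digest>]`, with the version taken from the same source as the AWF binary download so the two cannot drift; pass the digest whenever the release process records one, since that is what actually makes the pull reproducible.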
