Replace GitHub MCP server lockdown with gateway guard policy

[Copilot]

Summary

Replaces the GitHub MCP server "lockdown" feature with a guard policy from the gateway that sets repos: all and min-integrity: approved. Removes the pre-activation check for a PAT needed to run lockdown since the feature is now supported by the gateway.

Changes

Core changes

• Removed lockdown field from GitHubToolConfig type, YAML parser, and JSON schema
• Removed Lockdown and LockdownFromStep fields from GitHubMCPDockerOptions and GitHubMCPRemoteOptions
• Removed getGitHubLockdown() and hasGitHubLockdownExplicitlySet() helper functions
• Removed generateGitHubMCPLockdownDetectionStep() and the lockdown detection step from the compiled output
• Removed GITHUB_LOCKDOWN_MODE env var and X-MCP-Lockdown header from MCP server rendering
• Removed GITHUB_MCP_LOCKDOWN env var from gateway container and environment collection
• Removed experimental guard policy warning (guard policies are now the default)

New behavior

• Added getEffectiveGitHubGuardPolicies() that returns user-configured guard policies or defaults to {allow-only: {repos: "all", "min-integrity": "approved"}} — applied at the gateway level for all workflows using the GitHub MCP server
• Fixed renderGuardPoliciesToml() to support string field values (not just arrays), enabling TOML-format rendering of the repos and min-integrity policy fields

Pre-activation check removed

• Removed determine_automatic_lockdown.cjs (PAT detection script)
• Removed validate_lockdown_requirements.cjs (PAT presence validation at runtime)
• Removed call to validateLockdownRequirements from generate_aw_info.cjs

Workflow updates

• Removed lockdown: field from 17 workflow .md files in .github/workflows/
• Recompiled all 172 workflow lock files

Security Summary

No new security vulnerabilities introduced. The change replaces a server-side lockdown mechanism with an equivalent gateway-level guard policy (repos: all, min-integrity: approved). CodeQL found 0 alerts.