Revert safe-outputs MCP transport to agent-job HTTP sidecar

[Copilot]

This rolls back the safe-outputs transport change introduced by #39100: safe-outputs no longer runs as a containerized stdio MCP server. The workflow/compiler path is returned to the prior model where safe-outputs is started in the agent job as an HTTP sidecar and referenced via host URL + auth header.

• MCP rendering reverted to HTTP sidecar

  • safeoutputs config now emits HTTP transport again for JSON/TOML outputs.
  • Restores host resolution behavior (host.docker.internal with sandbox agent, localhost when agent is disabled).
  • Restores Authorization header wiring from GH_AW_SAFE_OUTPUTS_API_KEY.

• Safe-outputs setup flow restored in agent job

  • Reintroduces generation of safe-outputs runtime connection outputs (API key + port).
  • Reintroduces sidecar startup step via start_safe_outputs_server.sh.
  • Preserves existing safe-outputs config/tools generation path.

• Container predownload behavior aligned with rollback

  • Removes safe-outputs gh-aw-node image collection from default MCP container predownload logic.

• Tests/expectations updated to pre-container behavior

  • Reverts affected safe-outputs renderer/integration and docker image expectation tests to HTTP-sidecar semantics.

"safeoutputs": {
  "type": "http",
  "url": "http://host.docker.internal:$GH_AW_SAFE_OUTPUTS_PORT",
  "headers": {
    "Authorization": "$GH_AW_SAFE_OUTPUTS_API_KEY"
  }
}