
Add local credential broker#28034

Draft
winston-openai wants to merge 1 commit into dev/winston/mitm-command-ca-bundles from dev/winston/local-credential-broker

Conversation


@winston-openai winston-openai commented Jun 13, 2026


Summary

  • extend [features.network_proxy] with credential_broker = true
  • virtualize injectable GitHub and OpenAI env credentials into dummy child-process tokens
  • keep real credentials in the managed network proxy and inject them only on matching MITM requests
  • require MITM for brokered hosts, including blocking SOCKS5 bypass for those hosts
  • address fresh cargo-deny RustSec findings with a safe rand patch update and a narrow no-safe-upgrade exception
  • opt Bazel-backed CI into the bazel environment so this stale stack can read the current BuildBuddy secret
  • raise the sdks workflow timeout after repeated Bazel/V8 compile cancellations at the previous 10-minute wall

Why

Codex child processes currently inherit injectable local credentials directly. This first slice lets the existing managed network proxy replace supported env credentials with lookalike dummy values while preserving authenticated requests through MITM.

Notes

  • initial scope is GH_TOKEN, GITHUB_TOKEN, GH_ENTERPRISE_TOKEN, GITHUB_ENTERPRISE_TOKEN, GH_HOST, and OPENAI_API_KEY
  • GitHub cloud credentials match github.com, api.github.com, and *.ghe.com
  • arbitrary GHES credentials only re-inject when GH_HOST binds the destination; unbound enterprise tokens are dummied but not injected
  • this intentionally does not cover SSH agents, kube client certs, filesystem secret scanning, or context-injected secret scrubbing yet
  • cargo-deny surfaced RUSTSEC-2026-0173 after the previous green main run; RustSec reports no safe upgrade for proc-macro-error2, so the exception is mirrored in deny.toml and .cargo/audit.toml
  • this PR is stacked on an older June 4 base; current Bazel-backed workflows now need the bazel GitHub Actions environment for BUILDBUDDY_API_KEY, so this carries that narrow upstream CI hunk without merging all of main through the stack
  • sdk timed out twice while Bazel was still compiling V8, and main had a recent cancellation with the same 10-minute limit; this only widens that job to 20 minutes

Validation

  • just write-config-schema
  • just test -p codex-features
  • just test -p codex-network-proxy
  • just test -p codex-core network_proxy_credential_broker_feature_config_requires_mitm
  • just fix -p codex-network-proxy -p codex-features -p codex-core
  • just argument-comment-lint
  • just fmt
  • cargo update -p rand@0.8.5 --precise 0.8.6
  • just bazel-lock-update
  • just bazel-lock-check
  • env CARGO_HOME=/tmp/cargo-home /tmp/cargo-deny/bin/cargo-deny check
  • ruby -e 'require "yaml"; ARGV.each { |path| YAML.load_file(path) }' .github/workflows/bazel.yml .github/workflows/rust-ci.yml .github/workflows/rust-ci-full.yml .github/workflows/sdk.yml .github/workflows/rusty-v8-release.yml .github/workflows/v8-canary.yml
  • git diff --check

Stacked on

@winston-openai winston-openai force-pushed the dev/winston/local-credential-broker branch 5 times, most recently from b39d0e7 to 5446ca3 Compare June 13, 2026 08:04
@winston-openai winston-openai force-pushed the dev/winston/local-credential-broker branch from 5446ca3 to 006a77a Compare June 13, 2026 08:36
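The host-matching rule from the PR description above (cloud tokens re-injected only for github.com, api.github.com and *.ghe.com; enterprise tokens only when GH_HOST binds the destination; nothing on non-MITM traffic), as an added illustration in Rust that is not code from this PR or from the codex-network-proxy crate. The `Cred` and `Broker` types, the dummy values and the api.openai.com host are assumptions made for the example.

```rust
use std::collections::HashMap;

/// Which brokered credential a request may need. Hypothetical type for this
/// example; not the codex-network-proxy implementation.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub enum Cred {
    GitHubCloud,      // GH_TOKEN / GITHUB_TOKEN
    GitHubEnterprise, // GH_ENTERPRISE_TOKEN / GITHUB_ENTERPRISE_TOKEN
    OpenAi,           // OPENAI_API_KEY
}

/// Holds the real secrets; the child process only ever sees lookalike dummies.
pub struct Broker {
    real: HashMap<Cred, String>,
    gh_host: Option<String>, // GH_HOST, lowercased; binds the enterprise token
}

impl Broker {
    pub fn new(real: HashMap<Cred, String>, gh_host: Option<&str>) -> Self {
        Broker { real, gh_host: gh_host.map(|h| h.to_ascii_lowercase()) }
    }

    /// Lookalike value exported to the child instead of the real secret (constructed).
    pub fn dummy_for(cred: Cred) -> &'static str {
        match cred {
            Cred::GitHubCloud | Cred::GitHubEnterprise => "ghp_dummy_brokered_placeholder",
            Cred::OpenAi => "sk-dummy_brokered_placeholder",
        }
    }

    fn github_cloud_host(host: &str) -> bool {
        host == "github.com" || host == "api.github.com" || host.ends_with(".ghe.com")
    }

    /// Real secret to inject on an intercepted request to `dest_host`, if any.
    /// Non-MITM traffic (plain CONNECT or SOCKS5 tunnels) never gets the secret.
    pub fn inject(&self, cred: Cred, dest_host: &str, mitm: bool) -> Option<&str> {
        if !mitm {
            return None;
        }
        let host = dest_host.to_ascii_lowercase();
        let matches = match cred {
            Cred::GitHubCloud => Self::github_cloud_host(&host),
            Cred::GitHubEnterprise => self.gh_host.as_deref() == Some(host.as_str()),
            Cred::OpenAi => host == "api.openai.com", // assumed host, not stated in the PR
        };
        if matches { self.real.get(&cred).map(String::as_str) } else { None }
    }
}
```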