
[ARC/DinD] Emit chroot.binariesSourcePath and chroot.identity in stdin-config for DinD topology #38906

Description

@lpcox

Problem

AWF gained chroot.binariesSourcePath and chroot.identity.* config support in gh-aw-firewall#4587, which would allow the copilot binary and runner identity to be properly resolved without workflow-level workarounds. However, gh-aw does not emit these fields in the stdin-config passed to AWF.

This forces ARC/DinD users to maintain a bootstrap action that:

  1. Copies the copilot binary into the DinD daemon's /usr/local/bin/ via docker run
  2. Creates a shim wrapper to set HOME/USER/LOGNAME env vars (because AWF chroot passes the wrong identity vars)
  3. Pre-seeds the DinD daemon's /etc/passwd with the runner UID

Expected Behavior

When gh-aw detects an ARC/DinD topology (e.g., DOCKER_HOST=tcp://... or a DinD sidecar pod), it should emit:

{
  "chroot": {
    "binariesSourcePath": "/path/to/staged/binaries",
    "identity": {
      "user": "runner",
      "uid": 1001,
      "gid": 1001,
      "home": "/tmp/gh-aw/home"
    }
  }
}

This would let AWF handle binary staging and identity resolution natively, eliminating the bootstrap action workaround entirely.

Context

Impact

Eliminating this workaround would:

  • Remove ~80 lines of bootstrap shell script from consumer repos
  • Remove the need to bake node into a custom DinD image
  • Remove the copilot shim wrapper (HOME/USER/LOGNAME override)
  • Make ARC/DinD a first-class supported topology
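An added example, not code from gh-aw or AWF: one way the emitting side could gate and validate the chroot fragment before writing it to stdin-config. The Go type and function names are hypothetical, the DOCKER_HOST value is constructed, and the checks (absolute, normalized paths; non-root uid/gid) are an assumed policy rather than anything the issue specifies.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"path"
	"strings"
)

// JSON field names follow the shape in the issue; the Go types are hypothetical.
type Identity struct {
	User string `json:"user"`
	UID  int    `json:"uid"`
	GID  int    `json:"gid"`
	Home string `json:"home"`
}

type Chroot struct {
	BinariesSourcePath string   `json:"binariesSourcePath"`
	Identity           Identity `json:"identity"`
}

// IsDinD uses the one signal the issue names: DOCKER_HOST=tcp://...
func IsDinD(dockerHost string) bool {
	return strings.HasPrefix(dockerHost, "tcp://")
}

// ChrootFragment returns the {"chroot": ...} JSON, or nil when not DinD.
func ChrootFragment(dockerHost string, c Chroot) ([]byte, error) {
	if !IsDinD(dockerHost) {
		return nil, nil
	}
	// Assumed policy: reject relative paths and any "." or ".." segments.
	for _, p := range []string{c.BinariesSourcePath, c.Identity.Home} {
		if !path.IsAbs(p) || path.Clean(p) != p {
			return nil, fmt.Errorf("path %q must be absolute and normalized", p)
		}
	}
	// Assumed policy: the runner identity is never root.
	if c.Identity.User == "" || c.Identity.UID <= 0 || c.Identity.GID <= 0 {
		return nil, errors.New("identity must name a non-root user")
	}
	return json.Marshal(map[string]Chroot{"chroot": c})
}

func main() {
	c := Chroot{"/path/to/staged/binaries", Identity{"runner", 1001, 1001, "/tmp/gh-aw/home"}}
	out, err := ChrootFragment("tcp://localhost:2375", c) // constructed DOCKER_HOST
	fmt.Println(string(out), err)
}
```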
