Sign run attribution metadata

[eloylp]

Summary

• sign public run attribution metadata before agent execution and render exact copyable comment/trailer values into the prompt
• verify all gathered attribution metadata during feedback capture, logging invalid blocks while only trusting valid signed metadata for exact attribution
• reject exact attribution for unsigned metadata when signing is enabled, bad signatures, wrong instances, copied metadata from another repo/PR, and unknown spans
• document AGENTS_ATTRIBUTION_SIGNING_SECRET, AGENTS_INSTANCE_ID, and secret-rotation behavior

Validation

• GOCACHE=/tmp/go-build-agents go test ./internal/workflow ./internal/observe ./internal/ai ./internal/config ./internal/webhook
• GOCACHE=/tmp/go-build-agents go test ./...
• local daemon E2E on eloylp/test-acme-repo covered: valid signed metadata, unsigned legacy metadata, invalid signature, wrong instance, copied footer/wrong PR number, unknown span, multiple metadata blocks, unauthorized author, and secret rotation

Notes

• The local lab-coder Codex run hit an unrelated stale Codex refresh token, but the daemon persisted the composed prompt before backend execution, so signed prompt generation and attribution persistence were still verified.