fix: restore MCP CLI concept explanation and fix safeoutputs framing (#39689)

* fix: restore MCP CLI concept explanation and fix safeoutputs framing (#39684)

- Restore concept explanation to mcp_cli_tools_prompt.md that was
  stripped by PR #36778: servers are CLI executables on PATH, not MCP
  tools; include usage example and JSON stdin mode
- Fix safe_outputs_prompt.md line 2: 'safeoutputs MCP server tools'
  → 'safeoutputs CLI tool' to match the CLI framing
- Update prompts.go comment to match

* fix: use RUNNER_TEMP path for safe_outputs_mcp_server.cjs in gateway config

PR #39100 introduced the containerized stdio transport for safeoutputs but
hardcoded ${GITHUB_WORKSPACE}/actions/setup/js/safe_outputs_mcp_server.cjs
as the entrypoint. This path only exists in the gh-aw repo's own workspace.

For consumer repos (e.g. github-automation), GITHUB_WORKSPACE is that repo's
checkout which does not contain actions/setup/js/. The gateway container
gets MODULE_NOT_FOUND, crashes with EOF on initialize, and registers 0 tools.
The agent then spends ~30 minutes trying to discover the tool schema before
failing.

Fix: use ${RUNNER_TEMP}/gh-aw/safeoutputs/safe_outputs_mcp_server.cjs —
setup.sh already copies the file there and that directory is mounted rw.

Recompile all 249 lock files.

Observed in: https://github.com/github/github-automation/actions/runs/27647012218

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* fix: update integration tests for RUNNER_TEMP safeoutputs path

* commit tweaks

* fix: update remaining tests for RUNNER_TEMP safeoutputs path

---------

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

Author: dsyme