Respond to security feedback on git credentials implementation #158

Draft
Copilot wants to merge 41 commits into development from copilot/sub-pr-154-again


Copilot AI commented Jan 2, 2026

Responded to @bwalsh's request regarding the security concern raised by the bot reviewer about git credentials being written to plain text.

Context

The bot reviewer identified that the init container writes the GitHub PAT to /gitcreds/.git-credentials in plain text:

```shell
# Current implementation (lines 54-61)
set -e
if [ -z "$GIT_USERNAME" ] || [ -z "$GIT_PAT" ]; then
  echo "GIT_USERNAME or GIT_PAT not set"
  exit 1
fi
mkdir -p /gitcreds
CRED_STRING="https://${GIT_USERNAME}:${GIT_PAT}@github.com"
echo "${CRED_STRING}" > /gitcreds/.git-credentials
```

The file is then mounted to the main container, exposing the token unnecessarily.

Response

Clarified that I cannot create GitHub issues directly but can implement the suggested git credential helper solution that sources credentials from environment variables instead of persisting them to disk.

Awaiting confirmation to proceed with implementing the security fix.



Copilot AI changed the title from "[WIP] Address feedback on repo registration improvement feature" to "Respond to security feedback on git credentials implementation" Jan 2, 2026
Copilot AI requested a review from bwalsh January 2, 2026 19:01
Base automatically changed from feature/improve-repo-registration-2 to development January 2, 2026 19:54
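
The credential-helper approach named in the comment above, as an added example (not code from this PR or its repository): a helper that answers git's `get` request from `GIT_USERNAME` and `GIT_PAT` in the environment and treats `store` and `erase` as no-ops, so no `.git-credentials` file is created. The script name `git-credential-env`, its install path and the `ALLOWED_HOST` variable are assumptions.

```shell
#!/bin/sh
# Added example: git credential helper that answers from the environment.
# Assumes GIT_USERNAME and GIT_PAT are injected into the main container's
# environment; nothing is written to disk or to a shared volume.

# Host the token is valid for (assumed); other hosts get no answer.
ALLOWED_HOST="github.com"

# git runs the helper as "<helper> get|store|erase" and sends the request
# as key=value lines on stdin, terminated by a blank line or EOF.
git_env_credential_helper() {
  op="$1"
  # "store" and "erase" are deliberate no-ops: never persist the token.
  [ "$op" = "get" ] || return 0

  protocol=""
  host=""
  while IFS= read -r line; do
    [ -n "$line" ] || break
    case "$line" in
      protocol=*) protocol="${line#protocol=}" ;;
      host=*)     host="${line#host=}" ;;
    esac
  done

  # Only answer for HTTPS to the allowed host, so the PAT is never
  # offered to another remote or sent over a cleartext protocol.
  [ "$protocol" = "https" ] && [ "$host" = "$ALLOWED_HOST" ] || return 0

  if [ -z "$GIT_USERNAME" ] || [ -z "$GIT_PAT" ]; then
    echo "GIT_USERNAME or GIT_PAT not set" >&2
    return 1
  fi
  printf 'username=%s\npassword=%s\n' "$GIT_USERNAME" "$GIT_PAT"
}

# When installed as a script (hypothetical name and path), dispatch to it:
#   git config --global credential.https://github.com.helper \
#     /usr/local/bin/git-credential-env
case "${0##*/}" in
  git-credential-env) git_env_credential_helper "$@" ;;
esac
```

The token still lives in the container's environment, so any process that can read that environment can read it; what this removes is the on-disk copy and the shared `/gitcreds` volume.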