Severity: Blocker for any workflow using push-to-pull-request-branch
Reproduction: Create a workflow with safe-outputs: push-to-pull-request-branch. The agent makes a fix, commits locally, and calls push_to_pull_request_branch.
Expected: The safe outputs handler fetches the PR branch, applies the patch, and pushes.
Actual: The clean_git_credentials.sh script runs in the agent job and strips git authentication from .git/config. When the safe outputs handler later tries git fetch origin <branch>, it fails with exit code 128 because there are no credentials.
Log evidence: push_to_pull_request_branch:Failed to fetch branch <name>: The process '/usr/bin/git' failed with exit code 128
Root cause: The credential cleaning is a security measure for the agent sandbox, but the safe outputs handler runs in a separate step that also needs git credentials. The safe outputs job does reconfigure git credentials in its own "Configure Git credentials" step, but the push_to_pull_request_branch handler does a git fetch that relies on the agent job's credentials being intact for patch generation.
Workaround: Replace run: bash /opt/gh-aw/actions/clean_git_credentials.sh with a no-op in the lock file. Must be reapplied after every recompile.
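
A preflight check for the failure described above, as an added example that is not part of the original report or of gh-aw: it reports which kinds of git authentication are still present in a .git/config, so a step can stop with a clear message before git fetch exits with 128. The function name and the three places it looks (http extraheader, credential helper, userinfo in the remote URL) are assumptions; the report does not say which entries clean_git_credentials.sh removes.

```shell
#!/bin/sh
# Added example, not gh-aw code. Lists which kinds of git authentication
# remain in a repository config file, without printing any secret value.
# Assumption: auth lives in an http.*.extraheader entry, a credential
# helper, or userinfo embedded in a remote URL.

git_auth_sources() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unreadable"; return 2; }
    found=$(awk '
        /^[ \t]*\[/ {                  # section header such as [remote "origin"]
            sect = tolower($0)
            sub(/^[ \t]*\[/, "", sect)
            sub(/[] \t"].*$/, "", sect) # keep the section name only
            next
        }
        /^[ \t]*[#;]/ { next }         # skip comment lines
        {
            key = tolower($0)
            sub(/^[ \t]*/, "", key)
            sub(/[ \t]*=.*$/, "", key)  # keep the key name, drop the value
            if (sect == "http" && key == "extraheader") print "extraheader"
            if (sect == "credential" && key == "helper") print "helper"
            if (sect == "remote" && key == "url" && $0 ~ "://[^/@]+@")
                print "url-userinfo"
        }
    ' "$cfg" | sort -u | tr "\n" " ")
    found=${found% }
    if [ -z "$found" ]; then echo "none"; return 1; fi
    echo "$found"
}

# Stand-alone use: sh check.sh /path/to/repo/.git/config
# Exit status 0 = some auth source present, 1 = none, 2 = file unreadable.
[ "$#" -eq 0 ] || git_auth_sources "$1"
```

Run in the step that performs the fetch, a result of none means that step has to configure its own credentials rather than rely on whatever the agent job left behind.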