chore(execd): complete the work for #332, and fix the linter errors.

[Pangjiping]

Summary

• complete the work for feat: add uid and gid support for command execution #332
• execd's work for FEATURE: support declaring uid and gid when running commands. #178

Testing

• Not run (explain why)
• Unit tests
• Integration tests
• e2e / manual verification

Breaking Changes

• None
• Yes (describe impact and migration path)

Checklist

• Linked Issue or clearly described motivation
• Added/updated docs (if needed)
• Added/updated tests (if needed)
• Security impact considered
• Backward compatibility considered

[jwx0925]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b424f6ff8a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Require UID when accepting GID in RunCommandRequest

Allowing gid to be set independently introduces a credential bug: this request is now forwarded to runtime, where buildCredential creates a non-nil syscall.Credential with Gid set but leaves Uid at its zero value; on Linux, a non-nil credential causes setuid(cred.Uid) to run, so gid-only requests attempt setuid(0) and can either fail with EPERM or run as root unexpectedly. This makes gid-only command executions unsafe/unreliable unless validation enforces uid whenever gid is provided (or runtime fills Uid with the current UID).

Useful? React with 👍 / 👎.