fix(security): allowlist-validate runtime arg in rebuild-runtime-images.sh

The optional $1 argument flowed directly into Docker image tag names
(workspace-template:<runtime>) and filesystem paths (RUNTIME_DIR) with
no validation, enabling path traversal or unexpected tag injection via
e.g. `bash rebuild-runtime-images.sh '../evil'`.

Fix: introduce VALID_RUNTIMES allowlist and validate $1 against it
before setting RUNTIMES. Any unlisted value now exits with a clear
error message. The RUNTIMES array is populated from VALID_RUNTIMES
when no argument is given, keeping the all-runtimes default path.

shellcheck clean; $1 only appears inside the validated block.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

workspace-template/rebuild-runtime-images.sh

@@ -33,7 +33,7 @@ set -euo pipefail
 
 SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
 HELPER_SCRIPT="${SCRIPT_DIR}/scripts/molecule-git-token-helper.sh"
-RUNTIMES=(langgraph claude-code openclaw crewai autogen deepagents)
+VALID_RUNTIMES=(langgraph claude-code openclaw crewai autogen deepagents)
 
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
@@ -45,9 +45,21 @@ err()  { echo -e "${RED}[rebuild]${NC} $1"; }
 
 # ─────────────────────────────────────────────────────
 # Argument: optional single runtime to rebuild
+# Allowlist-validated: $1 must be one of VALID_RUNTIMES.
+# Prevents path traversal and unexpected Docker tag injection.
 # ─────────────────────────────────────────────────────
-if [ "${1:-}" != "" ]; then
+if [ -n "${1:-}" ]; then
+  valid=0
+  for v in "${VALID_RUNTIMES[@]}"; do
+    [ "$1" = "$v" ] && valid=1 && break
+  done
+  if [ "${valid}" -eq 0 ]; then
+    err "Unknown runtime '${1}'. Valid: ${VALID_RUNTIMES[*]}"
+    exit 1
+  fi
   RUNTIMES=("$1")
+else
+  RUNTIMES=("${VALID_RUNTIMES[@]}")
 fi
 
 # ─────────────────────────────────────────────────────