Add DIFC labeling rule for create_pull_request_with_copilot (#3651)

`create_pull_request_with_copilot` (remote-only tool) was covered by the
`create_*` prefix pattern in `tools.rs` for write classification, but
had no explicit match arm in `apply_tool_labels`, causing it to fall
through to the default catch-all with no repo-scoped secrecy or writer
integrity labels applied.

## Changes

- **`guards/github-guard/rust-guard/src/labels/tool_rules.rs`**: Add
`create_pull_request_with_copilot` to the existing Issue/PR write
operations match arm alongside `create_pull_request`, applying `S(repo)`
secrecy and writer-level integrity — identical labeling to the standard
PR creation tool.

```rust
// === Issue/PR write operations (repo-scoped) ===
"create_issue" | "issue_write" | "sub_issue_write" | "add_issue_comment"
| "create_pull_request" | "create_pull_request_with_copilot"   // ← added
| "update_pull_request" | "merge_pull_request"
| "pull_request_review_write" | "add_comment_to_pending_review"
| "add_reply_to_pull_request_comment" => {
    secrecy = apply_repo_visibility_secrecy(&owner, &repo, repo_id, secrecy, ctx);
    integrity = writer_integrity(repo_id, ctx);
}
```

> [!WARNING]
>
> <details>
> <summary>Firewall rules blocked me from connecting to one or more
addresses (expand for details)</summary>
>
> #### I tried to connect to the following addresses, but was blocked by
firewall rules:
>
> - `example.com`
> - Triggering command: `/tmp/go-build2069436726/b514/launcher.test
/tmp/go-build2069436726/b514/launcher.test
-test.testlogfile=/tmp/go-build2069436726/b514/testlog.txt
-test.paniconexit0 -test.timeout=10m0s -W .cfg 8221058/b288/ x_amd64/vet
. --gdwarf2` (dns block)
> - `invalid-host-that-does-not-exist-12345.com`
> - Triggering command: `/tmp/go-build2069436726/b496/config.test
/tmp/go-build2069436726/b496/config.test
-test.testlogfile=/tmp/go-build2069436726/b496/testlog.txt
-test.paniconexit0 -test.timeout=10m0s
/tmp/go-build2069436726/b379/vet.cfg @v1.1.3/cpu/cpu.go1.25.8
om/tetratelabs/w-c=4 x_amd64/vet -I nal/encoding/def-atomic -I
x_amd64/vet -I hB8eipdrZ -I x_amd64/vet --gdwarf-5
telabs/wazero/in-atomic -o x_amd64/vet` (dns block)
> - `nonexistent.local`
> - Triggering command: `/tmp/go-build2069436726/b514/launcher.test
/tmp/go-build2069436726/b514/launcher.test
-test.testlogfile=/tmp/go-build2069436726/b514/testlog.txt
-test.paniconexit0 -test.timeout=10m0s -W .cfg 8221058/b288/ x_amd64/vet
. --gdwarf2` (dns block)
> - `slow.example.com`
> - Triggering command: `/tmp/go-build2069436726/b514/launcher.test
/tmp/go-build2069436726/b514/launcher.test
-test.testlogfile=/tmp/go-build2069436726/b514/testlog.txt
-test.paniconexit0 -test.timeout=10m0s -W .cfg 8221058/b288/ x_amd64/vet
. --gdwarf2` (dns block)
> - `this-host-does-not-exist-12345.com`
> - Triggering command: `/tmp/go-build2069436726/b523/mcp.test
/tmp/go-build2069436726/b523/mcp.test
-test.testlogfile=/tmp/go-build2069436726/b523/testlog.txt
-test.paniconexit0 -test.timeout=10m0s 8221�� .cfg
ache/go/1.25.8/x64/src/database/sql/driver/driver.go x_amd64/vet
--gdwarf-5 g/grpc/credentia/usr/bin/runc -o x_amd64/vet .cfg��
k3QZ/k0KRG1xFvJtggzT2k3QZ -trimpath x_amd64/vet -p 8221058/b468/
-lang=go1.16 x_amd64/vet` (dns block)
>
> If you need me to access, download, or install something from one of
these locations, you can either:
>
> - Configure [Actions setup
steps](https://gh.io/copilot/actions-setup-steps) to set up my
environment, which run before the firewall is enabled
> - Add the appropriate URLs or hosts to the custom allowlist in this
repository's [Copilot coding agent
settings](https://github.com/github/gh-aw-mcpg/settings/copilot/coding_agent)
(admins only)
>
> </details>

Author: lpcox

guards/github-guard/rust-guard/src/labels/mod.rs

@@ -4381,6 +4381,31 @@ mod tests {
         assert_eq!(integrity, writer_integrity(repo_id, &ctx), "create_pull_request should have writer integrity");
     }
 
+    #[test]
+    fn test_apply_tool_labels_create_pull_request_with_copilot_writer_integrity() {
+        let ctx = default_ctx();
+        let repo_id = "github/copilot";
+        let tool_args = json!({
+            "owner": "github",
+            "repo": "copilot",
+            "title": "test PR",
+            "head": "feature",
+            "base": "main"
+        });
+
+        let (_secrecy, integrity, _desc) = apply_tool_labels(
+            "create_pull_request_with_copilot",
+            &tool_args,
+            repo_id,
+            vec![],
+            vec![],
+            String::new(),
+            &ctx,
+        );
+
+        assert_eq!(integrity, writer_integrity(repo_id, &ctx), "create_pull_request_with_copilot should have writer integrity");
+    }
+
     #[test]
     fn test_apply_tool_labels_merge_pull_request_writer_integrity() {
         let ctx = default_ctx();

guards/github-guard/rust-guard/src/labels/tool_rules.rs

@@ -569,7 +569,8 @@ pub fn apply_tool_labels(
 
         // === Issue/PR write operations (repo-scoped) ===
         "create_issue" | "issue_write" | "sub_issue_write" | "add_issue_comment"
-        | "create_pull_request" | "update_pull_request" | "merge_pull_request"
+        | "create_pull_request" | "create_pull_request_with_copilot"
+        | "update_pull_request" | "merge_pull_request"
         | "pull_request_review_write" | "add_comment_to_pending_review"
         | "add_reply_to_pull_request_comment" => {
             // Write operations that return the created/modified resource.

guards/github-guard/rust-guard/src/tools.rs

@@ -12,6 +12,7 @@ pub const WRITE_OPERATIONS: &[&str] = &[
     "delete_file",
     "fork_repository",
     "create_pull_request",
+    "create_pull_request_with_copilot",
     "add_comment_to_pending_review",
     "add_reply_to_pull_request_comment",
     "request_copilot_review",