Fix console Docker build context and GHCR owner handling; add actionlint and local demo fixes

[MontrealAI]

Motivation

• Fix failing image builds where apps/console/Dockerfile expected nginx.conf at the repo root by using the correct build context.
• Ensure GHCR image tags and provenance subjects use a lower-cased registry owner to avoid invalid tag errors from docker/build-push-action.
• Prevent local demo deployment failures caused by transactions exceeding local provider gas limits and avoid generating zero-address demo components.
• Add workflow validation to catch workflow/YAML issues earlier using actionlint.

Description

• Update .github/workflows/apps-images.yml and .github/workflows/release.yml to build the console image with context: apps/console and file: Dockerfile, and add a REGISTRY_OWNER (lower-cased) environment value and outputs used in tags and provenance.
• Add .github/workflows/actionlint.yml to run rhysd/actionlint@v1.7.10 and quote hex env vars and script invocations across CI/demo workflows to fix shell/parsing issues.
• Bump Foundry toolchain references and update various demo workflows to quote hex keys and other CLI args for robust parsing.
• Add local network gas handling in scripts/v2/deployDefaults.ts (LOCAL_NETWORKS, getLocalGasLimitOverride) and thread txOverrides into contract deploy calls, improve network inference in scripts/v2/ownerParameterMatrix.ts using inferNetworkKey/CHAIN_ID, and add test/v2/DemoOwnerMatrixBootstrap.test.js to assert non-zero demo addresses after bootstrap.

Testing

• No automated CI tests were executed in this environment because Docker was not available to run docker buildx build.
• The actionlint workflow was added to the repository but was not executed as part of this rollout.
• The new unit/integration test test/v2/DemoOwnerMatrixBootstrap.test.js was added but was not run in this environment.

---

Codex Task

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f4b47e4d52

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Restore administration:read for branch protection audit

The branch_protection job still runs npm run ci:verify-branch-protection on non‑fork runs, and that script calls the GitHub branch protection API; the repo’s own docs state this check requires a token with administration:read scope (see ci/README.md “Branch protection automation”). With the permission removed here, the GITHUB_TOKEN will lack that scope on pushes/internal PRs, so the API request will 403 and the guard job will fail instead of auditing branch protection.

Useful? React with 👍 / 👎.