Add ifc label for list_issues tool

[gokhanarkan]

Emits an IFC SecurityLabel on the list_issues tool result when the InsidersMode flag is enabled, mirroring the pattern landed for get_me in #2432.

Refs github/copilot-mcp-core#1623, github/copilot-mcp-core#1389. This is one of the ingress tools listed in #1623's tool table.

What this PR does

• Wires _meta.ifc onto the list_issues CallToolResult when deps.GetFlags(ctx).InsidersMode is true. No behaviour change when the flag is off.
• Public repos → PublicUntrusted() (issue contents are attacker-controllable, so integrity is untrusted; readers are ["public"]).
• Private repos → PrivateUntrusted([owner]) as a placeholder for the reader set. See limitation below.
• Adds an IsPrivate field to all four ListIssues*Query* GraphQL types so visibility is available without an extra REST round trip. IssueQueryResult gains a GetIsPrivate() bool method.

New shared helpers

Adds four general label constructors in pkg/ifc/ifc.go to seed reuse for upcoming ingress tools (get_file_contents, search_issues, …):

• PublicTrusted()
• PublicUntrusted()
• PrivateTrusted([]string)
• PrivateUntrusted([]string)

LabelGetMe() is refactored to delegate to PublicTrusted(); output is byte-for-byte identical (covered by the existing Test_GetMe_IFC_InsidersMode test). Flagging this for reviewers in case duplication concerns come up — happy to slim back to a single LabelListIssues helper if preferred.

Known limitation (called out for reviewers)

For private repositories, the confidentiality reader set is currently [owner] rather than the full collaborator list. Fetching collaborators requires a paginated REST call per list_issues invocation; rather than bake that into this PR, I'd like to land a shared visibility/collaborators helper in a follow-up that get_file_contents and search_issues can also share. There's a TODO(fides) comment at the call site.

Tests

Test_ListIssues_IFC_InsidersMode mirrors Test_GetMe_IFC_InsidersMode with three subtests:

1. Insiders off → result.Meta == nil.
2. Insiders on, public repo → integrity=untrusted, confidentiality=["public"].
3. Insiders on, private repo → integrity=untrusted, confidentiality=["<owner>"].

Existing Test_ListIssues GraphQL query strings and mock responses were updated to include the new isPrivate field.

Validation

• go test -race ./... — green.
• gofmt -s clean; go vet ./... clean.
• (./script/lint itself fails locally with a pre-existing golangci-lint Go-version mismatch unrelated to this change.)
• No tool schema/annotation changes → no toolsnap or README regeneration needed.

[Copilot]

Pull request overview

Adds Information Flow Control (IFC) _meta.ifc labeling to the list_issues MCP tool output when InsidersMode is enabled, matching the existing get_me pattern and enabling downstream enforcement/telemetry to reason about tool-output integrity/confidentiality.

Changes:

• Added reusable IFC label constructors in pkg/ifc (public/private × trusted/untrusted) and refactored LabelGetMe() to delegate to PublicTrusted().
• Extended list_issues GraphQL query types to fetch repository isPrivate, and emits an IFC label onto CallToolResult.Meta["ifc"] in insiders mode.
• Added Test_ListIssues_IFC_InsidersMode and updated existing list_issues GraphQL test fixtures/query strings to include isPrivate.

Show a summary per file

File	Description
pkg/ifc/ifc.go	Adds shared IFC label constructors and a LabelListIssues helper used by tools to attach consistent labels.
pkg/github/issues.go	Fetches repository.isPrivate in list_issues queries and conditionally attaches _meta.ifc when InsidersMode is enabled.
pkg/github/issues_test.go	Updates list_issues GraphQL expectations for isPrivate and adds coverage for IFC meta emission in insiders mode.

Copilot's findings

• Files reviewed: 3/3 changed files
• Comments generated: 0