security: extend AllowHostJobsFromLabels policy to job-run volume mounts

[CybotTM]

Background

Discovered during review of #461. The existing security policy in buildFromDockerLabels (lines 32-46 in cli/docker-labels.go) filters out job-local and job-compose when AllowHostJobsFromLabels is false, preventing container-to-host privilege escalation.

However, job-run is not covered by this policy. A job-run can specify volume=/:/host:rw via labels, which would mount the host filesystem into the newly created container — effectively the same privilege escalation vector that the policy was designed to prevent.

Similarly, both job-exec and job-run allow specifying a container parameter from non-service containers, enabling cross-container execution. This is by design (labels on container A can target container B), but it may warrant documentation or an opt-in flag.

Pre-existing

This is not introduced by #461 — it exists on main today. PR #461 mirrors the existing job-exec pattern for job-run, which is consistent but doesn't add protection either.

Suggested scope

1. Extend the AllowHostJobsFromLabels security check to validate that runJobs do not contain host volume mounts
2. Consider documenting the cross-container execution behavior and its trust implications
3. Optionally, add a flag to restrict container parameter to the label-bearing container only