Make the Windows process-container test harness capability-driven

[MGudgin]

📖 Description

Reworks the Windows process-container test harness to be capability-driven:
it runs the correct checks on any Windows build (Nickel 23H2 / Germanium
24H2+25H2) by deriving the expected isolation tier and per-limit expectations
from wxc-exec --probe at runtime, instead of branching on the OS version.
Renames the harness accordingly, adds a working
JOB_OBJECT_UILIMIT_INJECTION probe, and makes the result output unambiguous.

Highlights:

• Capability-driven harness + rename. Tier and per-limit expectations come
  from --probe; renamed Win25H2Safe-Tests.ps1 → WinProcessContainer-Tests.ps1
  and updated stale references (T3-Workloads.ps1, wxc main.rs,
  filesystem_dacl.rs).
• BaseContainer (Tier 1) support. Tier-aware telemetry/assertions and a new
  probes.baseContainerSupportsDenyPaths fact (SANDBOX_CAP_DENY_PATHS) so
  deniedPaths tests auto-skip where the BaseContainer tier can't yet enforce
  them and auto-enable when the capability ships. Fixed a T1 New-Config
$null-array-collapse crash under StrictMode.
• HANDLES probe switched from GetWindowTextW to GetWindowThreadProcessId
  so it reads window-manager state directly and isn't confounded by UIPI or the
  target pumping messages.
• INJECTION probe (JOB_OBJECT_UILIMIT_INJECTION, build 26100+) now creates
  and foregrounds its own top-level window before SendInput. The kernel's
  DoInputCheck evaluates the foreground-accessible check before the injection
  job-limit check and silently skips the input (returning success) when the
  foreground belongs to another inaccessible process, so a contained process on
  an interactive desktop would otherwise misread enforcement as "not enforced".
  Owning the foreground (the kernel permits injecting into one's own window)
  makes the limit actually evaluate. New INJECTION=INCONCLUSIVE outcome →
  harness SKIP when the foreground can't be owned, rather than a false verdict.
• Result reporting. Record-Result gains skip/warn statuses
  ([SKIP]/[WARN], non-failing, yellow) so a not-applicable or not-enforced
  check is never shown as a green [PASS]; the summary and JSON carry
  skipped/warnings counts. Probe PASS/FAIL tokens are translated to semantic
  verbs in output (blocked/allowed for UI/atom probes, allowed/denied for the
  filesystem matrix) so a green [PASS] line never contains the word FAIL.
• Dropped stale "T3 forced" labels from the Phase 4b/4c headers (those phases run
  on the host's baseline tier).

Note: This PR targets user/gudge/job_limit_test_fixes (the head of
#544). It should be rebased onto main and retargeted once #544 merges.

🔗 References

• Builds on Fix JOB_OBJECT_UILIMIT probe assertions in Win25H2Safe-Tests #544.

🔍 Validation

• cargo fmt --all -- --check, cargo check --workspace --all-targets, and
  cargo clippy --workspace --all-targets -- -D warnings: all clean.
• cargo test: appcontainer_common 126 passed, wxc_common 338 passed, 0
  failures.
• Direct verification on build 26200: a process self-assigned to a job with
  JOB_OBJECT_UILIMIT_INJECTION is blocked by SendInput
  (gle=ERROR_ACCESS_DENIED), confirming the OS enforces the limit; the
  reworked probe run contained via wxc-exec reports INJECTION=PASS
  ("owns foreground", injected 0/1 gle=5) where the old probe falsely reported
  not-enforced.
• Harness parse-checked via [Parser]::ParseFile; unit-tested the INJECTION
  verdict gate (enforced / not-enforced / inconclusive / build-gated) and the
  verdict-translation helpers (UI / filesystem / atom token sets, plus DIAG and
  <missing> pass-through).
• Validated end-to-end on interactive 23H2 (22631), 25H2 (26200), and 25H2+
  (26634) machines — INJECTION correctly skips when the foreground is stolen
  mid-run and passes when left alone. Full Phase 4b/4c not run on the shared dev
  host (EXITWINDOWS carries a logoff risk).

Microsoft Reviewers: Open in CodeFlow

[jsidewhite]

The base branch was changed.

[Copilot]

Pull request overview

Reworks the Windows process-container test harness to be capability-driven by deriving tier/feature expectations from wxc-exec --probe at runtime, and extends the probing surface to cover BaseContainer deniedPaths capability plus a working UI INJECTION probe.

Changes:

• Renames and refactors the Windows harness to compute expected tier/capabilities once (from --probe) and adapt assertions/phase applicability accordingly.
• Updates wxc-ui-probe to use GetWindowThreadProcessId for HANDLES and adds the INJECTION probe that creates/foregrounds its own window before calling SendInput.
• Extends wxc-exec --probe facts with baseContainerSupportsDenyPaths (derived from Experimental_QuerySandboxSupport) and updates call sites/comments.

Show a summary per file

File	Description
tests/scripts/WinProcessContainer-Tests.ps1	Capability-driven harness refactor, tier-derived expectations, SKIP/WARN reporting, and INJECTION handling.
tests/scripts/T3-Workloads.ps1	Updates harness reference after rename.
src/testing/wxc_ui_probe/src/main.rs	HANDLES probe update + new INJECTION probe implementation.
src/core/wxc/src/main.rs	Updates comment reference to renamed harness.
src/core/wxc_common/src/filesystem_dacl.rs	Updates comment reference to renamed harness.
src/backends/appcontainer/common/src/probe.rs	Adds base_container_supports_deny_paths to --probe facts.
src/backends/appcontainer/common/src/base_container_runner.rs	Adds SANDBOX_CAP_DENY_PATHS capability decode and probe helper.

Copilot's findings

Comments suppressed due to low confidence (1)

tests/scripts/WinProcessContainer-Tests.ps1:469

• Get-HostCapabilities casts $p.tier to [string] before validating it. If the probe returns a detector error (tier is null), $tier becomes "" and later helpers like Test-SelectedTier can match trivially (regex escape of empty string), producing false PASS results. Fail fast when --probe omits tier (or returns an empty tier) and include the probe error/warnings in the exception so the harness can’t silently proceed with an unknown tier.

• Files reviewed: 7/7 changed files
• Comments generated: 1

[jsidewhite]