fix(codex): emit passthrough egress routes when not forwarding host credentials

When forward_host_credentials is false, Codex bottles should still get
tls_passthrough routes for the OpenAI/ChatGPT hosts so that tokens a
user sets via `codex login` after launch aren't stripped by pipelock's
header DLP. Previously no routes were emitted, which would have blocked
those requests entirely once pipelock enforcement tightens.

Rename the test to reflect the new expected behavior.

Assisted-by: Claude Code

tests/unit/test_agent_provider.py

@@ -117,7 +117,7 @@ class TestAgentProviderRuntime(unittest.TestCase):
             self.assertEqual(CODEX_HOST_CREDENTIAL_TOKEN_REF, r.token_ref)
             self.assertTrue(r.tls_passthrough)
 
-    def test_codex_without_forward_host_credentials_has_no_egress_routes(self):
+    def test_codex_without_forward_host_credentials_has_passthrough_egress_routes(self):
         with tempfile.TemporaryDirectory(prefix="bb-provider.") as tmp:
             plan = agent_provision_plan(
                 template="codex",
@@ -125,7 +125,14 @@ class TestAgentProviderRuntime(unittest.TestCase):
                 state_dir=Path(tmp),
                 forward_host_credentials=False,
             )
-        self.assertEqual((), plan.egress_routes)
+        self.assertEqual(
+            {r.host for r in plan.egress_routes},
+            set(CODEX_HOST_CREDENTIAL_HOSTS),
+        )
+        for r in plan.egress_routes:
+            self.assertEqual("", r.auth_scheme)
+            self.assertEqual("", r.token_ref)
+            self.assertTrue(r.tls_passthrough)
 
     def test_claude_plan_has_no_egress_routes(self):
         with tempfile.TemporaryDirectory(prefix="bb-provider.") as tmp: