chore: remove all pipelock references from tests, docs, and non-pipelock source

- Strip pipelock from all unit and integration test fixtures:
  proxy_plan fields removed from DockerBottlePlan/SmolmachinesBottlePlan
  constructors; pipelock-specific test classes deleted or renamed
- Update test_sidecar_init: remove test_pipelock_loses_egress_tokens,
  rename "pipelock" daemon fixtures to "git-gate" throughout
- Remove test_pipelock_binary_present_and_versioned from integration test
- Remove test_pipelock_answers_on_bundle_ip from smolmachines launch test
- Update _SANDBOX_BLOCK_MARKERS: remove "pipelock" marker (egress blocks)
- Dockerfile.sidecars: remove pipelock build stage and COPY; update layout
  comments and port table
- egress_entrypoint.sh: update comments now that egress is sole proxy
- Clean up pipelock references in comments/docstrings across backend,
  network, manifest, supervise, git_gate, yaml_subset, agent_provider,
  sidecar_bundle, sidecar_init, egress_addon_core modules

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

bot_bottle/backend/util.py

@@ -14,7 +14,6 @@ from ..log import die, info
 
 if TYPE_CHECKING:
     from ..egress import EgressPlan
-    from ..pipelock import PipelockProxyPlan
 
 
 # Debian-family CA layout, shared by every backend (all guest images
@@ -35,35 +34,20 @@ def host_skill_dir(name: str) -> str:
     return f"{home}/.claude/skills/{name}"
 
 
-def select_ca_cert(
-    egress_plan: EgressPlan, proxy_plan: PipelockProxyPlan
-) -> tuple[Path, str]:
-    """Pick the agent-facing CA cert (and a short label for the log
-    line) that matches the proxy the agent's HTTP_PROXY points at.
-    Egress wins when the bottle declares any routes (it sits in front
-    of pipelock); else pipelock.
+def select_ca_cert(egress_plan: EgressPlan) -> tuple[Path, str]:
+    """Return the egress MITM CA cert path and label for provision_ca.
 
-    Shared by every backend's `provision_ca`: launch mints the chosen
-    CA(s) and re-binds their host paths into these inner plans before
-    provision runs, so an empty/missing path here means launch's
-    bringup is broken — fatal."""
-    if egress_plan.routes:
-        cert = egress_plan.mitmproxy_ca_cert_only_host_path
-        if cert == Path() or not cert.is_file():
-            die(
-                f"egress CA cert missing at {cert or '(empty)'}; "
-                f"launch must have called egress_tls_init and "
-                f"re-bound the plan before provision"
-            )
-        return cert, "egress"
-    cert = proxy_plan.ca_cert_host_path
-    if not cert or not cert.is_file():
+    Launch always mints the CA and re-binds the host path into the
+    egress_plan before provision runs, so an empty/missing path here
+    means launch's bringup is broken — fatal."""
+    cert = egress_plan.mitmproxy_ca_cert_only_host_path
+    if cert == Path() or not cert.is_file():
         die(
-            f"pipelock CA cert missing at {cert or '(empty)'}; "
-            f"launch must have called pipelock_tls_init and re-bound "
-            f"the plan before provision"
+            f"egress CA cert missing at {cert or '(empty)'}; "
+            f"launch must have called egress_tls_init and "
+            f"re-bound the plan before provision"
         )
-    return cert, "pipelock"
+    return cert, "egress"
 
 
 def log_ca_fingerprint(cert_host_path: Path, label: str) -> None: