The workspace denies `clippy::expect_used` in production. Although
`clippy.toml` allows `expect` in tests, Bazel Clippy compiles
integration-test helper code in a way that does not receive that
exemption, which encouraged verbose `unwrap_or_else(... panic!(...))`
and equivalent `match`/`let else` forms.
This allows `clippy::expect_used` once at each integration-test crate
root (including aggregated suites and test-support libraries), then
replaces manual panic-based Result and Option unwraps with
`expect`/`expect_err`. Standalone `tests/*.rs` files remain their own
crate roots. Intentional assertion and unexpected-variant panics remain
unchanged, and the production `expect_used = "deny"` lint remains in
place.
The cleanup is mechanical and net-negative in line count.
Addresses #26383 and #26452
## Summary
`codex exec --dangerously-bypass-hook-trust` printed the bypass warning,
but valid untrusted hooks still did not run.
Exec applied the flag to its initial config, then lost it when
app-server reloaded config for the new or resumed thread.
## Fix
Forward `bypass_hook_trust: true` through the existing thread request
config override for both start and resume.
The override is omitted when the flag is not enabled, preserving normal
trust behavior.
## Testing
Added:
- A test confirming start and resume preserve the override.
- An end-to-end exec test confirming a `SessionStart` hook runs and
creates a marker file.