Safe output executor should match repository by name, not just resource alias

## Bug

The safe output executor rejects create-pull-request when the agent uses the actual Azure DevOps repository name (e.g. `sdk-FtdiDeviceControl`) instead of the pipeline resource alias (e.g. `repo-sdk-ftdidevicecontrol`).

## Reproduction

Pipeline: **OS+Tooling CG Purview**
Build: [604679](https://dev.azure.com/msazuresphere/4x4/_build/results?buildId=604679&view=logs&j=ac4260b4-ed99-5c62-2fca-fa32db2534ad&t=21fe5f65-020d-56e7-a24d-752c5685c298)

The agent emitted a `create-pull-request` safe output with `repository: sdk-FtdiDeviceControl`. The executor rejected it:

`
Repository 'sdk-FtdiDeviceControl' not in allowed list: ["repo-4x4-releaseengineering", ..., "repo-sdk-ftdidevicecontrol", ...]
`

The repository **is** checked out (as `repo-sdk-ftdidevicecontrol`, which maps to `4x4/sdk-FtdiDeviceControl`), so the PR should have been allowed.

## Expected behavior

The safe output executor should resolve the repository field against the actual Azure DevOps **repository name** (e.g. `sdk-FtdiDeviceControl`). The repository name can contain the project.

Representative repositories item:
```
- repository: repo-sdk-devicecommunication
    type: git
    name: 4x4/sdk-DeviceCommunication
```

## Actual behavior

Only the local checked out file path is accepted - it should be the repository name.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Safe output executor should match repository by name, not just resource alias #468

Bug

Reproduction

Expected behavior

Actual behavior

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Safe output executor should match repository by name, not just resource alias #468

Description

Bug

Reproduction

Expected behavior

Actual behavior

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions