fix(playwright): run codegen and replay containers as host user

Run Playwright Docker containers with the current host UID/GID to avoid
root-owned files in bind-mounted workspaces.

- Add --user UID:GID and HOME override to codegen and replay
- Harden replay workspace cleanup against leftover permission issues

https://chatgpt.com/share/6984a73c-14a0-800f-a40d-778972e518b7

scripts/codegen.sh

@@ -37,6 +37,10 @@ require_cmd xhost
 
 : "${DISPLAY:=:0}"
 
+# Run containers as the current host user to avoid root-owned files in bind mounts.
+USER_ID="$(id -u)"
+GROUP_ID="$(id -g)"
+
 ROOT="$(repo_root)"
 REC_DIR="${ROOT}/${RECORDINGS_DIR}"
 WORK_DIR="${REC_DIR}/.work"
@@ -107,6 +111,8 @@ if [[ -n "${START_URL}" ]]; then
 fi
 
 docker run --rm -it \
+  --user "${USER_ID}:${GROUP_ID}" \
+  -e HOME=/tmp \
   --ipc=host \
   --network host \
   -e "DISPLAY=${DISPLAY}" \