Fix MCP tool availability and shell escaping in tag mode

Pass MCP config and allowed tools through claude_args to ensure tools like
mcp__github_comment__update_claude_comment are properly available to Claude CLI.

Key changes:
- Tag mode outputs claude_args with MCP config (as JSON string) and allowed tools
- Fixed shell escaping vulnerability when JSON contains single quotes
- Agent mode passes through user-provided claude_args unchanged
- Re-added mcp_config input for users to provide custom MCP servers
- Cleaned up misleading comments and unused file operations
- Clarified test workflow is for fork testing

Security fix: Properly escape single quotes in MCP config JSON to prevent
shell injection vulnerabilities.

Co-Authored-By: Claude <noreply@anthropic.com>

src/entrypoints/prepare.ts

@@ -6,7 +6,6 @@
  */
 
 import * as core from "@actions/core";
-import { writeFile } from "fs/promises";
 import { setupGitHubToken } from "../github/token";
 import { checkWritePermissions } from "../github/validation/permissions";
 import { createOctokit } from "../github/api/client";
@@ -58,11 +57,7 @@ async function run() {
       githubToken,
     });
 
-    // Write MCP config to a file and set the file path as output
-    const mcpConfigPath = `${process.env.RUNNER_TEMP}/claude-mcp-config.json`;
-    await writeFile(mcpConfigPath, result.mcpConfig);
-    core.setOutput("mcp_config", result.mcpConfig);
-    core.setOutput("mcp_config_file", mcpConfigPath);
+    // MCP config is handled by individual modes (tag/agent) and included in their claude_args output
 
     // Step 6: Get system prompt from mode if available
     if (mode.getSystemPrompt) {