actions / actions-runner-controller

Kubernetes controller for GitHub Actions self-hosted runners
Apache License 2.0

The pod doesn't have securityContext when it create by workflow_call #3505

Closed Rory-Z closed 1 month ago

Rory-Z commented 1 month ago

Controller Version

0.9.1

Deployment Method

Helm

To Reproduce

1. Deploy arc and arc-runner-set by helm; the arc-runner-set's values look like this:

```yaml
githubConfigUrl: https://github.com/own/repo
githubConfigSecret: arc-github-token

containerMode:
  type: kubernetes
  kubernetesModeWorkVolumeClaim:
    accessModes:
      - ReadWriteOnce
    resources:
      requests:
        storage: 1Gi

runnerScaleSetName: aws-eks-platform-manager-stack

template:
  spec:
    securityContext:
      fsGroup: 123 ## This is the GID of the docker group in the container
    containers:
      - name: runner
        image: ghcr.io/actions/actions-runner:latest
        command: ["/home/runner/run.sh"]
```

2. Create a workflow file:

```yaml
name: Actions Runner Controller Demo
on:
  push:
    branches:
      - ci/**
  workflow_dispatch:

jobs:
  deploy:
    uses: ./.github/workflows/deploy.yaml
```

3. Run this workflow.

### Describe the bug

When running my workflow, I got this error: `Error: EACCES: permission denied, open '/__w/_temp/_runner_file_commands/set_env_6fe63793-a7e7-41c6-8549-b41736783cc5'`

Watching my k8s pods, I found that when the workflow runs, two pods are created: `runner-name-wp8ht-runner-b22sr` and `runner-name-wp8ht-runner-b22sr-workflow`.

Checking these two pods, I found that `runner-name-wp8ht-runner-b22sr` has `.spec.securityContext.fsGroup: 123`. I think this configuration comes from my helm values.yaml, which is good, but `runner-name-wp8ht-runner-b22sr-workflow` doesn't have it; its `.spec.securityContext` is `{}`. I think this is why I got the `permission denied` error.

### Describe the expected behavior

The `runner-name-wp8ht-runner-b22sr-workflow` pod should have the correct securityContext.

### Additional Context

```yaml
githubConfigUrl: https://github.com/own/repo
githubConfigSecret: arc-github-token

containerMode:
  type: kubernetes
  kubernetesModeWorkVolumeClaim:
    accessModes:
      - ReadWriteOnce
    resources:
      requests:
        storage: 1Gi

runnerScaleSetName: runner-name

template:
  spec:
    securityContext:
      fsGroup: 123 ## This is the GID of the docker group in the container
    containers:
      - name: runner
        image: ghcr.io/actions/actions-runner:latest
        command: ["/home/runner/run.sh"]
```

Controller Logs

https://gist.github.com/Rory-Z/056060fe813263c127e997d4f08afad9#file-gistfile1-txt

Runner Pod Logs

https://gist.github.com/Rory-Z/056060fe813263c127e997d4f08afad9#file-runner-fd47b7ff-listener-logs

github-actions[bot] commented 1 month ago

Hello! Thank you for filing an issue.

The maintainers will triage your issue shortly.

In the meantime, please take a look at the troubleshooting guide for bug reports.

If this is a feature request, please review our contribution guidelines.

nikola-jokic commented 1 month ago

Hey @Rory-Z,

The spec applied to the runner pod is not inherited by the workflow pod created by the hook. To apply security context, please use hook extensions.
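As an added illustration (not code from the thread or from the project itself) of the hook-extension approach the maintainer points to: the runner container points `ACTIONS_RUNNER_CONTAINER_HOOK_TEMPLATE` at a pod template file, which the kubernetes hook merges into the `-workflow` pod it creates. The ConfigMap name `hook-extension`, the mount path `/home/runner/pod-templates` and the assumption that `spec.securityContext` from the template is merged into the workflow pod are all this example's own choices, not values from the page.

```yaml
# Constructed example: a hook-extension template that carries the
# fsGroup into the workflow pod, which does not inherit the runner
# pod's securityContext. Names and paths are assumptions.
apiVersion: v1
kind: ConfigMap
metadata:
  name: hook-extension          # assumed name
  namespace: arc-runners        # assumed namespace of the runner set
data:
  content: |
    spec:
      securityContext:
        fsGroup: 123            # same GID as in the runner pod spec
      containers:
        - name: "$job"          # the hook's placeholder for the job container
          securityContext:
            allowPrivilegeEscalation: false
---
# Matching fragment of the runner-set Helm values: mount the template
# and tell the hook where to find it.
template:
  spec:
    securityContext:
      fsGroup: 123
    containers:
      - name: runner
        image: ghcr.io/actions/actions-runner:latest
        command: ["/home/runner/run.sh"]
        env:
          - name: ACTIONS_RUNNER_CONTAINER_HOOK_TEMPLATE
            value: /home/runner/pod-templates/default.yaml   # assumed path
        volumeMounts:
          - name: pod-templates
            mountPath: /home/runner/pod-templates
            readOnly: true
    volumes:
      - name: pod-templates
        configMap:
          name: hook-extension
          items:
            - key: content
              path: default.yaml
```

After applying both, `kubectl get pod <name>-workflow -o jsonpath='{.spec.securityContext}'` should show the `fsGroup` rather than `{}`, which is the quickest way to confirm the template was merged.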