fix(oauth): use real HF OAuth on this Docker Space instead of mock login

Gradio's get_space() only returns truthy when SYSTEM=="spaces", which HF
sets on Gradio-SDK Spaces but not on sdk: docker Spaces like this one.
Without it, mount_gradio_app wired up Gradio's MOCK OAuth routes: they
never contact hf.co and log every visitor in as the container token's
owner (our HF_TOKEN account). Because that account is in CADGENBENCH_ADMINS,
this leaked the "Logout (michaelr27)" identity to all visitors and granted
admin to anyone who completed the (mock) login.

Set SYSTEM=spaces when running on a Space (SPACE_ID present) so the real
hf_oauth: true flow runs; left unset locally so the local mock login still
works for dev.

Co-authored-by: Cursor <cursoragent@cursor.com>

app.py

@@ -1332,6 +1332,20 @@ app.add_api_route(
     serve_task_input,
     methods=["GET"],
 )
+# Gradio picks REAL Hugging Face OAuth vs. a local "mock" login via
+# ``gradio.utils.get_space()``, which is only truthy when ``SYSTEM ==
+# "spaces"``. HF sets that on Gradio-SDK Spaces but NOT on ``sdk: docker``
+# Spaces like this one. Without it, ``mount_gradio_app`` wires up the MOCK
+# OAuth routes, which never contact hf.co and instead log every visitor in
+# as the container token's owner (our ``HF_TOKEN`` account) -- leaking that
+# identity into the LoginButton and, since that account is in
+# ``CADGENBENCH_ADMINS``, handing every visitor admin. Force it on only when
+# we're actually running on a Space (``SPACE_ID`` is HF-injected on all
+# Spaces, Docker included) so the real ``hf_oauth: true`` flow runs; locally
+# (no ``SPACE_ID``) it stays unset so Gradio's local mock login still works
+# for dev. Must precede the mount, which is what triggers ``attach_oauth``.
+if os.environ.get("SPACE_ID") and os.environ.get("SYSTEM") != "spaces":
+    os.environ["SYSTEM"] = "spaces"
 app = gr.mount_gradio_app(app, blocks, path="/")