Validate the process spec on runsc run.

The run command was missing the process spec validation.

Updates #11736

PiperOrigin-RevId: 761704978

Author: ayushr2

pkg/test/testutil/testutil.go

@@ -283,6 +283,7 @@ func NewSpecWithArgs(args ...string) *specs.Spec {
 				"PATH=" + os.Getenv("PATH"),
 			},
 			Capabilities: specutils.AllCapabilities(),
+			Cwd:          "/",
 		},
 		Mounts: []specs.Mount{
 			// Hide the host /etc to avoid any side-effects.

runsc/cmd/run.go

@@ -99,6 +99,10 @@ func (r *Run) Execute(_ context.Context, f *flag.FlagSet, args ...any) subcomman
 	}
 	specutils.LogSpecDebug(spec, conf.OCISeccomp)
 
+	if err := validateProcessSpec(spec.Process); err != nil {
+		return util.Errorf("invalid process spec: %v", err)
+	}
+
 	// Create files from file descriptors.
 	fdMap := make(map[int]*os.File)
 	for _, mapping := range r.passFDs {