Running OpenClaw safely: identity, isolation, and runtime risk | Microsoft Security Blog — Blankdot