%s is a C format specifier for a string.
    msg = g_strdup_printf (_("<b><big>Enter your password to run "
                             "the application '%s' as user %s"
                             "</big></b>"),
                           command, context->user);
means “where you see the first %s, replace it with the contents of command as a string, and where you see the second %s, replace it with the contents of context->user as a string.”
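The substitution described above as a stand-alone C program. This is an added example, not code from the original answer or from the project being quoted. It assumes a hypothetical helper dup_printf in place of g_strdup_printf so it builds without GLib, drops the _() translation lookup, and uses constructed argument values.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for GLib's g_strdup_printf(): format into a
 * freshly allocated string that the caller must free(). */
static char *dup_printf(const char *fmt, ...)
{
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);

    /* First pass: size 0 writes nothing and returns the needed length. */
    int len = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    if (len < 0) { va_end(ap2); return NULL; }

    char *out = malloc((size_t)len + 1);
    if (out != NULL)
        vsnprintf(out, (size_t)len + 1, fmt, ap2);  /* second pass: fill */
    va_end(ap2);
    return out;
}

/* Same format string as the snippet above, minus the _() translation
 * lookup. Arguments are consumed left to right, one per %s. */
static char *password_prompt(const char *command, const char *user)
{
    return dup_printf("<b><big>Enter your password to run "
                      "the application '%s' as user %s"
                      "</big></b>", command, user);
}

int main(void)
{
    /* Constructed sample values. The %s inside the first argument is
     * copied as plain text; only the format string is parsed. */
    char *msg = password_prompt("backup --label=%s", "root");
    if (msg == NULL)
        return 1;
    puts(msg);
    free(msg);
    return 0;
}
```

Only the first parameter is interpreted as a format; a % sequence that arrives inside command or user is copied through unchanged, which is why such values belong in the argument list and not in the format string itself.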