feat: add code_run sandboxed execution action

[DorianZheng]

Summary

Adds a built-in code_run(language, code, timeout_ms) action that executes short snippets inside isolated Docker containers.

Supported languages

• JavaScript: node:20-alpine
• TypeScript: transpiled in-process with esbuild, then run on node:20-alpine
• Python: python:3.11-alpine
• Bash: alpine:3

Sandbox limits

• No network (NetworkDisabled: true, NetworkMode: none)
• Read-only root filesystem with /sandbox tmpfs (size=64m,exec)
• 256MB memory and swap limit
• PID limit of 50
• no-new-privileges
• Timeout returns exit_code: 124 and includes Execution timed out in stderr

Implementation notes

• Registers code_run as a built-in action.
• Lazy-loads the Docker/esbuild runner only when code_run is invoked, so normal agent startup stays light.
• Pre-pulls sandbox images on real startup in the background, while avoiding test-run pre-pull side effects.
• Handles Docker auto-remove fast-exit races with container die events and stream drain handling.

Tests

• JavaScript, Python, and Bash happy paths
• Python timeout
• Memory limit test, skipped on macOS/CI due Docker Desktop variability
• Network blocked check