feat(ci): add non-root sandbox smoke test as PR gate

[jyaunches]

Problem

All PR-level and nightly E2E sandboxes run with full root privileges. The Brev Launchable and DGX Spark environments run with no-new-privileges / Landlock restrictions active during entrypoint execution. Bug 1 of the weekend regression (#2472) — a 5-day outage where the gateway never started on non-root sandboxes — was invisible to every CI gate.

Proposal

Add a lightweight non-root-sandbox-smoke job to pr-self-hosted.yaml that:

1. Builds the production Docker image (already done by build-sandbox-images)
2. Starts the container with --security-opt no-new-privileges (replicates Brev Launchable constraints)
3. Waits for the gateway to respond on /health (HTTP 200 or 401) within 60 seconds
4. Verifies openclaw tui can start without "Missing gateway auth token"

This does NOT need live inference or an API key — it only validates that the entrypoint completes and the gateway binds its port under restricted execution. Estimated runtime: ~2 minutes on top of the existing image build.

What This Would Have Caught

• Bug 1 (fix(sandbox): fix non-root gateway startup and add crash safety net #2472): install_configure_guard writes to .bashrc/.profile crash under Landlock + set -e → gateway never starts → HTTP probe fails immediately
• Bug 2 (fix(security): revert gateway auth token externalization #2482): token removed from openclaw.json → openclaw tui fails with "Missing gateway auth token" (affects root and non-root)

Implementation

Add to pr-self-hosted.yaml after build-sandbox-images:

test-non-root-sandbox-smoke:
  runs-on: linux-amd64-cpu4
  timeout-minutes: 5
  needs: build-sandbox-images
  steps:
    - name: Checkout
      uses: actions/checkout@v6
    - name: Download image
      uses: actions/download-artifact@v4
      with:
        name: isolation-image
        path: /tmp
    - name: Load image
      run: gunzip -c /tmp/isolation-image.tar.gz | docker load
    - name: Run non-root smoke test
      run: bash test/e2e/test-non-root-smoke.sh

The test script starts the container with --security-opt no-new-privileges, polls /health, and verifies openclaw tui --help succeeds.

Context

• Strategy doc gap: GAP 1 (non-root / Landlock)
• Weekend regression: Bug 1 was a 5-day outage invisible to all CI
• Related: fix(ci): restore cloud-experimental-e2e to nightly pipeline (removed in #2472) #2570 (restore cloud-experimental), refactor(arch): unified timeout abstraction for child-process execution #2562 (timeout abstraction)

[jyaunches]

Remaining work — Test 4 (deferred to #2485)

#3166 lands Tests 1–3 of this issue (entrypoint under no-new-privileges, kernel NoNewPrivs=1 confirmation). Test 4 — openclaw tui does not fail with "Missing gateway auth token" inside the sandbox under the same constraint — is deferred, not dropped.

Why: Test 4 exercises the runtime gateway-token generation path. Main currently has only half of that refactor (build-time token removal in Dockerfile:373). The startup-time generator is in #2485.

Requirement: Whoever lands #2485 (or any successor that restores runtime gateway-token injection) must add Test 4 to test/e2e-non-root-smoke.sh and wire it into the test-non-root-sandbox-smoke job in pr-self-hosted.yaml in the same PR. This issue stays open until Test 4 is green as a PR gate.

Acceptance for closing #2571:

• Tests 1–3 landed as PR gate (test(e2e): add non-root sandbox smoke test #3166)
• Test 4 landed as PR gate (rides with feat(security): runtime gateway token injection #2485 or successor)