Publish versioned sandbox base images for reproducible pinned installs

[ericksoa]

Pinned NemoClaw installs can still pull the mutable sandbox base image (ghcr.io/nvidia/nemoclaw/sandbox-base:latest), so historical versions may rebuild against newer OpenClaw/runtime contents after latest is republished.

Context:

• VSS integration reported repeated breakage when installing an older pinned NemoClaw version, e.g. v0.0.31, after sandbox-base:latest was rebuilt with OpenClaw 2026.5.18.
• We reproduced the same class of failure in the OpenShell gateway upgrade E2E: the old v0.0.36 fixture picked up OpenClaw 2026.5.18 through sandbox-base:latest even though the test expected OpenClaw 2026.4.24.
• PR fix(e2e): pin old gateway base for resolved digests #4077 fixed the immediate E2E by patching the old fixture, but that is only test coverage. The product path still needs versioned image references so a pinned NemoClaw version means a pinned runtime environment.

Required outcome:

• Publish sandbox base images under immutable/versioned tags for releases.
• Make sandbox builds prefer the versioned base image that matches the installed NemoClaw version/ref when available.
• Keep a sane fallback for source checkouts/dev builds and for old releases without a versioned base image.
• Add tests so we fail in CI if a release/ref install would silently fall back to mutable latest when a versioned image should exist.

Acceptance criteria:

• Pinned installs no longer depend on ghcr.io/nvidia/nemoclaw/sandbox-base:latest when a versioned sandbox base image exists.
• CI/build workflows publish or preserve a release-specific sandbox-base tag.
• Existing current install/onboard flows keep working for local development and main builds.
• The OpenShell gateway upgrade fixture remains green.