
fix(sandbox): stop using cmdline paths for binary policy matching#345

Closed
drew wants to merge 1 commit into NVIDIA:main from vincentkoc:codex/fix-opa-cmdline-path-spoofing-vulnerability

Conversation

@drew (Collaborator) commented Mar 16, 2026

Motivation

  • The OPA policy accepted absolute paths from /proc/<pid>/cmdline as binary identities, which are attacker-controlled and allow local processes to spoof an allowed binary and bypass network restrictions.

Description

  • Remove the Rego rule that matched exec.cmdline_paths so cmdline entries no longer grant binary identity in crates/openshell-sandbox/data/sandbox-policy.rego.
  • Tighten glob matching to operate only on exec.path and exec.ancestors (no cmdline-derived paths) in the same policy file.
  • Update OPA unit tests in crates/openshell-sandbox/src/opa.rs to stop relying on cmdline-based allows and to add explicit deny coverage for cmdline spoof attempts, and adjust fixtures to use executable/ancestor path matching.
  • Preserve existing exact-path and ancestor-based matching and glob behavior for executable paths.

Testing

  • Confirmed policy change via repository search with rg to ensure no Rego rules reference exec.cmdline_paths for identity matching (search succeeded).
  • Attempted mise run pre-commit which failed in this environment due to remote tool resolution and mise trust constraints unrelated to the code change.
  • Attempted targeted unit test run with cargo test -p openshell-sandbox cmdline_path_does_not_grant_identity -- --exact, but full native dependency compilation could not complete within this session; the test was added/updated to assert that cmdline entries do not grant identity.

Codex Task
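
The rule change described above, as an added Rego illustration that is not the project's policy file and not the code in this PR: the vulnerable form derives binary identity from `exec.cmdline_paths`, the hardened form only from `exec.path` and `exec.ancestors`. The input field layout, the `data.allowed_binaries` allow-list and the package name are assumptions made for this example.

```rego
package sandbox_example

import rego.v1

# Assumed input shape (illustration only, not the project's schema):
#   input.exec.path          - executable path observed by the sandbox for the process
#   input.exec.ancestors     - executable paths of the parent process chain
#   input.exec.cmdline_paths - absolute paths parsed from /proc/<pid>/cmdline
#   data.allowed_binaries    - exact paths or globs that may use the network

default allow_network := false

# Vulnerable form, kept only to show the flaw: any absolute path that appears in
# the process's own cmdline counts as its identity. cmdline is written by the
# process itself, so an unrelated binary can name an allowed one as an argument.
vulnerable_allow_network if {
	some p in input.exec.cmdline_paths
	binary_allowed(p)
}

# Hardened form: identity comes only from the executable path and its ancestors,
# which the sandbox observes rather than reads from process-controlled data.
allow_network if binary_allowed(input.exec.path)

allow_network if {
	some anc in input.exec.ancestors
	binary_allowed(anc)
}

# Glob matching with "/" as delimiter: "*" stays within one path segment,
# "**" may span segments, and exact paths match themselves.
binary_allowed(p) if {
	some pattern in data.allowed_binaries
	glob.match(pattern, ["/"], p)
}

# Deny coverage for the spoof case: the same input is accepted by the
# vulnerable rule and rejected by the hardened rule.
test_cmdline_path_does_not_grant_identity if {
	spoof := {"exec": {
		"path": "/tmp/unrelated-tool",
		"ancestors": ["/usr/bin/bash"],
		"cmdline_paths": ["/usr/bin/curl"],
	}}
	vulnerable_allow_network with input as spoof with data.allowed_binaries as ["/usr/bin/curl"]
	not allow_network with input as spoof with data.allowed_binaries as ["/usr/bin/curl"]
}

# Exact-path and glob matching on exec.path keep working after the change.
test_exec_path_still_allowed if {
	real := {"exec": {"path": "/usr/bin/curl", "ancestors": [], "cmdline_paths": []}}
	allow_network with input as real with data.allowed_binaries as ["/usr/bin/curl"]
	allow_network with input as real with data.allowed_binaries as ["/usr/bin/*"]
}

# Ancestor-based matching is preserved as well.
test_ancestor_path_allowed if {
	child := {"exec": {"path": "/tmp/helper", "ancestors": ["/usr/bin/curl"], "cmdline_paths": []}}
	allow_network with input as child with data.allowed_binaries as ["/usr/bin/curl"]
}
```

Run the embedded tests with `opa test -v <file>.rego`; the `vulnerable_allow_network` rule exists only so the first test can show the two forms diverging on the same input, and would not ship in a real policy.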

@drew drew added integration:aardvark Aardvark integration integration:codex Codex integration labels Mar 16, 2026
@github-actions

Thank you for your submission! We ask that you sign our Developer Certificate of Origin before we can accept your contribution. You can sign the DCO by adding a comment below using this text:


I have read the DCO document and I hereby sign the DCO.


You can retrigger this bot by commenting recheck in this Pull Request. Posted by the DCO Assistant Lite bot.

@johntmyers (Collaborator)

Closing in favor of consolidated re-implementation. See #350 for tracking.
