Harden package-manager install policy

[mcgrew-oai]

Summary

This PR hardens package-manager usage across the repo to reduce dependency supply-chain risk. It also removes the stale codex-cli Docker path, which was already broken on main, instead of keeping a bitrotted container workflow alive.

What changed

• Updated pnpm package manager pins and workspace install settings.
• Removed stale codex-cli Docker assets instead of trying to keep a broken local container path alive.
• Added uv settings and lockfiles for the Python SDK packages.
• Updated Python SDK setup docs to use uv sync.

Why

This is primarily a security hardening change. It reduces package-install and supply-chain risk by ensuring dependency installs go through pinned package managers, committed lockfiles, release-age settings, and reviewed build-script controls.

For codex-cli, the right follow-up was to remove the local Docker path rather than keep patching it:

• codex-cli/Dockerfile installed codex.tgz with npm install -g, which bypassed the repo lockfile and age-gated pnpm settings.
• The local codex-cli/scripts/build_container.sh helper was already broken on main: it called pnpm run build, but codex-cli/package.json does not define a build script.
• The container path itself had bitrotted enough that keeping it would require extra packaging-specific behavior that was not otherwise needed by the repo.

Gaps addressed

• Global npm installs bypassed the repo lockfile in Docker and CLI reinstall paths, including codex-cli/Dockerfile and codex-cli/bin/codex.js.
• CI and Docker pnpm installs used --frozen-lockfile, but the repo was missing stricter pnpm workspace settings for dependency build scripts.
• Python SDK projects had pyproject.toml metadata but no committed uv.lock coverage or uv age/index settings in sdk/python and sdk/python-runtime.
• The secure devcontainer install path used npm/global install behavior without a local locked package-manager boundary.
• The local codex-cli Docker helper was already broken on main, so this PR removes that stale Docker path instead of preserving a broken surface.
• pnpm was already pinned, but not to the current repo-wide pnpm version target.

Verification

• pnpm install --frozen-lockfile
• .devcontainer/codex-install: pnpm install --prod --frozen-lockfile
• .devcontainer/codex-install: ./node_modules/.bin/codex --version
• sdk/python: uv lock --check, uv sync --locked --all-extras --dry-run, uv build
• sdk/python-runtime: uv lock --check, uv sync --locked --dry-run, uv build --wheel
• pnpm -r --filter ./sdk/typescript run build
• pnpm -r --filter ./sdk/typescript run lint
• pnpm -r --filter ./sdk/typescript run test
• node --check codex-cli/bin/codex.js
• docker build -f .devcontainer/Dockerfile.secure -t codex-secure-test .
• cargo build -p codex-cli
• repo-wide package-manager audit

[sdcoffey]

✅ for sdk/python