Summary

Allow running sandboxes that started with empty network_policies to accept their first live policy update. This removes a stale gateway-side mode distinction that no longer matches the proxy-backed runtime and adds regression coverage for the direct update path.

Related Issue

Closes #491

Changes

• remove the gateway validation that rejected empty-to-non-empty network_policies updates on live sandboxes
• keep static field validation intact while treating empty network_policies as proxy-backed deny-all instead of a separate immutable mode
• add a server regression test for creating the first rule through the draft merge path
• add an e2e test for applying the first live network rule to a running sandbox and verifying traffic changes from 403 to 200
• update architecture docs to match the always-proxy runtime behavior for proto-backed sandboxes

Testing

• mise run pre-commit passes
• Unit tests added/updated
• E2E tests added/updated (if applicable)
• cargo test -p openshell-server merge_chunk_into_policy_adds_first_network_rule_to_empty_policy
• cargo test -p openshell-server sandbox_policy_backfill_on_update_when_no_baseline
• cargo test -p openshell-server validate_static_fields_allows_unchanged
• PYTHONPATH=python uv run pytest -o python_files='test_*.py' e2e/python/test_sandbox_policy.py -k 'live_policy_update_and_logs or live_policy_update_from_empty_network_policies' -n 1
• mise run pre-commit

Checklist

• Follows Conventional Commits
• Commits are signed off (DCO)
• Architecture docs updated (if applicable)