feat(sandbox): enforce proxy-aware network routing in sandbox

[viyatb-oai]

Summary

• expand proxy env injection to cover common tool env vars (HTTP_PROXY/HTTPS_PROXY/ALL_PROXY/NO_PROXY families + tool-specific variants)
• harden macOS Seatbelt network policy generation to route through inferred loopback proxy endpoints and fail closed when proxy env is malformed
• thread proxy-aware Linux sandbox flags and add minimal bwrap netns isolation hook for restricted non-proxy runs
• add/refresh tests for proxy env wiring, Seatbelt policy generation, and Linux sandbox argument wiring

gated on [experimental_network] enabled in requirements.toml

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8862494880

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[nornagon-openai]

sandbox changes seem safe in that they are strictly less permissive than previously. didn't review the rest of the PR in depth.