
feat(driver-docker): use host networking for sandboxes#1080

Merged
drew merged 3 commits into main from feat/docker-driver-network
May 1, 2026

Conversation


@drew drew commented Apr 30, 2026

Summary

Split out the Docker-driver networking changes from #1069. This PR keeps the gateway as a host process and runs Docker sandbox supervisor containers with Docker host networking so they can reach a gateway bound to 127.0.0.1 without adding an extra bridge-reachable listener, proxy, or host /etc/hosts change on Linux.

Related Issue

Split from #1069.

Changes

  • Run Docker sandbox containers with network_mode = "host" so supervisor callbacks can use loopback gateway endpoints directly.
  • Preserve OPENSHELL_ENDPOINT exactly as configured for both plaintext and TLS gateway endpoints.
  • Add a container-local host.openshell.internal -> 127.0.0.1 hosts entry for a stable OpenShell-owned alias to host loopback services.
  • Remove the Docker dedicated-bridge network configuration, endpoint rewriting, and extra gateway listener path that were part of the earlier iteration.
  • Keep agent workload networking enforced by the supervisor's nested network namespace and policy proxy.
  • Update Docker driver architecture docs and the architecture index to describe the host-networking behavior.

Testing

  • mise run pre-commit passes
  • Unit tests added/updated
  • E2E tests added/updated (if applicable)

Additional checks run:

  • cargo test -p openshell-driver-docker
  • cargo fmt --all -- --check
  • markdownlint-cli2 architecture/docker-driver.md architecture/README.md
  • git diff --check

Known local test blocker:

  • mise run pre-commit gets through format, lint, markdown, Helm, Python, Rust check, and Clippy, then fails in sandbox_create_keeps_sandbox_with_forwarding because Docker Desktop PID 50455 is already listening on local port 8080.

Checklist

  • Follows Conventional Commits
  • Commits are signed off (DCO)
  • Architecture docs updated (if applicable)
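
As an added illustration of the networking contract described above (not code from this PR or from the OpenShell driver), the function below assembles the sandbox container's network settings: host networking, the `host.openshell.internal -> 127.0.0.1` hosts entry, and `OPENSHELL_ENDPOINT` passed through unchanged. It also refuses any gateway endpoint that is not host loopback, since the whole point of host networking here is that the gateway never needs a bridge-reachable listener. The struct and function names are hypothetical.

```rust
// Added example; names are hypothetical and not the driver's own API.
#[derive(Debug, PartialEq)]
pub struct SandboxNetConfig {
    pub network_mode: &'static str,
    pub extra_hosts: Vec<String>,
    pub env: Vec<(String, String)>,
}

/// Splits "scheme://host:port[/path]" into (scheme, host, port) with no external crates.
fn split_endpoint(endpoint: &str) -> Option<(&str, &str, u16)> {
    let (scheme, rest) = endpoint.split_once("://")?;
    let authority = rest.split('/').next()?;
    let (host, port) = authority.rsplit_once(':')?;
    Some((scheme, host, port.parse().ok()?))
}

/// Builds the container network settings for one sandbox supervisor.
/// Only plaintext or TLS endpoints on host loopback are accepted; anything
/// else (e.g. 0.0.0.0 or a LAN address) would mean a listener reachable from
/// outside the host, which this design deliberately avoids.
pub fn sandbox_net_config(endpoint: &str) -> Result<SandboxNetConfig, String> {
    let (scheme, host, _port) =
        split_endpoint(endpoint).ok_or_else(|| format!("malformed endpoint: {}", endpoint))?;
    if !matches!(scheme, "http" | "https") {
        return Err(format!("unsupported scheme: {}", scheme));
    }
    // The alias resolves to 127.0.0.1 inside the container via extra_hosts.
    if !matches!(host, "127.0.0.1" | "[::1]" | "localhost" | "host.openshell.internal") {
        return Err(format!("gateway host {} is not host loopback", host));
    }
    Ok(SandboxNetConfig {
        network_mode: "host",
        extra_hosts: vec!["host.openshell.internal:127.0.0.1".to_string()],
        // Passed through verbatim: no rewriting for plaintext or TLS endpoints.
        env: vec![("OPENSHELL_ENDPOINT".to_string(), endpoint.to_string())],
    })
}

fn main() {
    for ep in ["http://127.0.0.1:8080", "https://host.openshell.internal:8443", "http://0.0.0.0:8080"] {
        println!("{} -> {:?}", ep, sandbox_net_config(ep));
    }
}
```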

@drew drew requested a review from a team as a code owner April 30, 2026 16:33

@cgwalters cgwalters left a comment


Just looking at the arch doc so far

Comment thread architecture/docker-driver.md Outdated
@drew drew marked this pull request as draft April 30, 2026 18:05

copy-pr-bot Bot commented Apr 30, 2026

Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually.

Contributors can view more details about this message here.

@drew drew force-pushed the feat/docker-driver-network branch from 28a8c31 to 0aee0f9 May 1, 2026 08:47

copy-pr-bot Bot commented May 1, 2026

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

@drew drew changed the title from "feat(driver-docker): isolate sandboxes on dedicated bridge" to "feat(driver-docker): use host networking for sandboxes" May 1, 2026
@drew drew marked this pull request as ready for review May 1, 2026 14:56
@drew drew merged commit fcefdd5 into main May 1, 2026
14 checks passed
@drew drew deleted the feat/docker-driver-network branch May 1, 2026 15:09