Use unshare by default in linux to protect access

### Describe the feature or problem you'd like to solve

The tool should never have any kind of write access to places the users have not ack'ed for

### Proposed solution

I'm currently running copilot using bubblewrap to ensure it only works where I want via:

```sh
bwrap --ro-bind / / \
      --bind "$PWD" "$PWD" \
      --bind /tmp /tmp \
      --bind "$HOME/.copilot" "$HOME/.copilot" \
      --dev /dev \
      --proc /proc \
      --unshare-all \
      copilot
```

This is something that the tool should do by default

### Example prompts or workflows

_No response_

### Additional context

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use unshare by default in linux to protect access #1163

Describe the feature or problem you'd like to solve

Proposed solution

Example prompts or workflows

Additional context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Use unshare by default in linux to protect access #1163

Description

Describe the feature or problem you'd like to solve

Proposed solution

Example prompts or workflows

Additional context

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions