fix: fix symlinked writable roots in sandbox policies

[viyatb-oai]

Summary

• normalize effective readable, writable, and unreadable sandbox roots after resolving special paths so symlinked roots use canonical runtime paths
• add a protocol regression test for a symlinked writable root with a denied child and update protocol expectations to canonicalized effective paths
• update macOS seatbelt tests to assert against effective normalized roots produced by the shared policy helpers

Testing

• just fmt
• cargo test -p codex-protocol
• cargo test -p codex-core explicit_unreadable_paths_are_excluded_
• cargo clippy -p codex-protocol -p codex-core --tests -- -D warnings

Notes

• This is intended to fix the symlinked TMPDIR bind failure in bubblewrap described in bwrap sandbox bind fails with symlinked TMPDIR #14672.
  Fixes bwrap sandbox bind fails with symlinked TMPDIR #14672

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: eebbcbb23a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[etraut-openai]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 10d7949f7a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".