[codex] Fix Windows sandbox git safe.directory for worktrees

[iceweasel-oai]

Why

Windows sandboxed commands run as a sandbox user, while workspace repositories are usually owned by the real user. The sandbox compensates by injecting a temporary Git safe.directory entry into the child environment.

That injection was still broken for linked worktrees because the helper followed the .git file's gitdir: pointer and injected the internal .git/worktrees/... location. Git's dubious-ownership check expects the worktree root instead, so sandboxed Git commands still failed in worktree-based Codex checkouts.

What changed

• Treat any .git marker, directory or file, as the worktree root for safe.directory injection.
• Keep the safe-directory logic in windows-sandbox-rs/src/sandbox_utils.rs and have the one-shot elevated path reuse it.
• Add regression coverage for both normal .git directories and gitfile-based worktrees.

Validation

• cargo test -p codex-windows-sandbox sandbox_utils::tests
• cargo test -p codex-windows-sandbox built and ran; the new sandbox_utils tests passed, while two pre-existing legacy sandbox tests failed locally with Access is denied: session::tests::legacy_non_tty_cmd_emits_output and spawn_prep::tests::legacy_spawn_env_applies_offline_network_rewrite.

[bschoepke-openai]

ty!