fix(linux-sandbox): avoid panic on bwrap build failures

[viyatb-oai]

Summary

• Propagate Linux bubblewrap argument-construction failures instead of panicking in the helper
• Keep mutable-symlink carveouts fail-closed while reporting them as ordinary sandbox build failures
• Add regression coverage for a protected .codex symlink inside a writable workspace root

Root cause

Linux bubblewrap intentionally rejects read-only carveouts that cross a symlink the sandboxed process can still rewrite. That is the correct security behavior for protected metadata paths such as .codex.

The bug was one layer higher: linux_run_main treated the expected build failure as impossible and panicked while constructing the bubblewrap argv. For issue #20716, that turned a normal fail-closed sandbox outcome into a noisy panic in the transcript.

User impact

Users with a project-local .codex symlink inside a writable workspace still get the conservative sandbox decision, but they no longer see a Rust panic for that condition. The helper now exits with the concise sandbox-build error so the normal denial / escalation path can handle it.

Fixes #20716

[evawong-oai]

Reviewed the diff and CI. This is scoped to the Linux sandbox panic fix and has regression coverage.