Simplify legacy Windows sandbox ACL persistence

[iceweasel-oai]

Why

The legacy Windows sandbox still carried a persist_aces mode switch, even though the only path that meaningfully applies filesystem ACEs today is workspace-write, which already uses the persistent behavior. Legacy read-only sessions rely on the read-only capability SID rather than per-command filesystem ACE mutation, so the temporary cleanup branch had become conceptual overhead without a corresponding behavioral need.

Removing that split makes the ACL lifecycle match the current sandbox model more directly and trims the guard/revocation plumbing from the legacy launcher paths.

What changed

• Removed the persist_aces parameter from legacy ACL preparation.
• Made legacy deny-read handling always use the persistent reconciliation path.
• Dropped guard tracking and post-exit ACE revocation from both capture and unified-exec legacy flows.
• Kept workspace .codex / .agents protection tied directly to WorkspaceWrite instead of an intermediate persistence flag.

Verification

• cargo fmt -p codex-windows-sandbox
• git diff --check
• cargo test -p codex-windows-sandbox
  • 85 passed, 2 ignored, 2 (unrelated) failed locally.

[iceweasel-oai]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 122e1e96b7

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".