[codex] Add friendly Python SDK sandbox presets

[aibrahim-oai]

Why

The Python SDK currently exposes sandbox selection differently depending on where it is used: thread lifecycle methods accept SandboxMode, while turns accept the lower-level SandboxPolicy shape. For the common case of choosing an access level, that leaks app-server wire details into otherwise straightforward SDK usage.

This makes the common path explicit and discoverable: callers choose a named sandbox preset once, using the same keyword on threads and turns. The preset name workspace_write also makes the granted capability clear at the callsite.

What changed

• Added a root-level Sandbox enum with documented presets:
  • Sandbox.read_only: read files without allowing writes.
  • Sandbox.workspace_write: the normal default for projects with a recorded trust decision; read files and write inside the workspace and configured writable roots.
  • Sandbox.full_access: run without filesystem access restrictions.
• Documented that omitting sandbox= delegates to app-server's configured default, while explicit turn overrides remain sticky for subsequent turns.
• Updated sync and async thread lifecycle and turn APIs to consistently accept sandbox=Sandbox..., translating to the existing app-server thread and turn representations internally.
• Updated the public API artifact generator so regenerated SDK wrappers retain the friendly enum shape.
• Replaced low-level policy construction in Python docs, examples, and the walkthrough notebook with the preset API.
• Added focused coverage for root exports, method signatures, preset-to-wire mapping, and rejection of raw string sandbox inputs.

API impact

High-level turn calls now use sandbox= instead of sandbox_policy=:

from openai_codex import Codex, Sandbox

with Codex() as codex:
    thread = codex.thread_start(sandbox=Sandbox.workspace_write)
    result = thread.run("Review the diff only.", sandbox=Sandbox.read_only)

thread_start(...) already defaults to ApprovalMode.auto_review, so normal writable usage is concise:

with Codex() as codex:
    thread = codex.thread_start(sandbox=Sandbox.workspace_write)
    thread.run("Update the files in this workspace.")

With that combination, edits inside cwd and configured writable roots run within the workspace-write sandbox. Operations that require approval, such as edits outside those roots, are routed through auto review. When sandbox= is omitted, app-server resolves its configured default. A sandbox supplied to run(...) or turn(...) applies to that turn and subsequent turns.

Test coverage

• sdk/python/tests/test_public_api_signatures.py covers the public export and parameter names, including the default approval mode.
• sdk/python/tests/test_public_api_runtime_behavior.py covers preset mappings to the existing wire types and raw string rejection.