Revert sandbox after each exec to prevent stale state leaking back

[robinaugh]

Summary

• Reverts the sandbox working tree to clean HEAD after each exec's pull step, so the sandbox is always in a known state between calls
• Removes the per-file dirty reset from syncChangesToSandbox since the sandbox is now always clean when sync runs
• Fixes a bug where reverting local changes (e.g. git checkout .) and then running exec again would pull stale files back from the sandbox, because the empty-patch path in sync skipped the dirty file reset

Test plan

• Unit tests updated and passing
• Integration test added to rwx-testing-sandbox.sh that reproduces the exact bug: syncs a file, deletes it locally from a fully clean working tree, execs again, and asserts the file doesn't reappear

Before

DEPRECATION WARNING: `config.active_support.to_time_preserves_timezone` is deprecated and will be removed in Rails 8.2 (called from <top (required)> at /var/mint-workspace/config/environment.rb:5)
DEPRECATION WARNING: ActiveSupport::Configurable is deprecated without replacement, and will be removed in Rails 8.2.

You can emulate the previous behavior with `class_attribute`.
 (called from <top (required)> at /var/mint-workspace/config/environment.rb:5)
Run options: include {locations: {"./spec/models/rwx/user_spec.rb" => [6]}}
F

Failures:

  1) Rwx::User validations cannot have less than 8 characters in a password
     Got 2 failures:

     1.1) Failure/Error: expect(user).not_to be_valid
            expected #<Rwx::User id: nil, created_at: nil, email: "ope@rwx.com", first_name: nil, identity_id: nil, last_name: nil, password_digest: [FILTERED], sso: false, sso_bypass: false, telemetry_opted_out: false, time_zone: nil, updated_at: nil> not to be valid
          # ./spec/models/rwx/user_spec.rb:8:in 'block (3 levels) in <module:Rwx>'
          # ./spec/rails_helper.rb:272:in 'block (3 levels) in <top (required)>'
          # ./spec/support/helpers/envvar_helper.rb:22:in 'EnvvarHelper.unset_environment_variable'
          # ./spec/rails_helper.rb:271:in 'block (2 levels) in <top (required)>'

     1.2) Failure/Error: expect(user.errors[:password]).to include("is too short (minimum is 8 characters)")
            expected [] to include "is too short (minimum is 8 characters)"
          # ./spec/models/rwx/user_spec.rb:9:in 'block (3 levels) in <module:Rwx>'
          # ./spec/rails_helper.rb:272:in 'block (3 levels) in <top (required)>'
          # ./spec/support/helpers/envvar_helper.rb:22:in 'EnvvarHelper.unset_environment_variable'
          # ./spec/rails_helper.rb:271:in 'block (2 levels) in <top (required)>'

Finished in 0.51552 seconds (files took 3.32 seconds to load)
1 example, 1 failure

Failed examples:

rspec ./spec/models/rwx/user_spec.rb:6 # Rwx::User validations cannot have less than 8 characters in a password

No changes to pull from sandbox.
╭─jasonrobinaugh at Jasons-MacBook-Pro-4 in ~/code/cloud on main✘✘✘ 26-02-23 - 12:48:17
╰─⠠⠵ git co .
Updated 1 path from the index
╭─jasonrobinaugh at Jasons-MacBook-Pro-4 in ~/code/cloud on main✔ 26-02-23 - 12:48:21
╰─⠠⠵ rwx sandbox exec -- bundle exec rspec spec/models/rwx/user_spec.rb:6
DEPRECATION WARNING: `config.active_support.to_time_preserves_timezone` is deprecated and will be removed in Rails 8.2 (called from <top (required)> at /var/mint-workspace/config/environment.rb:5)
DEPRECATION WARNING: ActiveSupport::Configurable is deprecated without replacement, and will be removed in Rails 8.2.

You can emulate the previous behavior with `class_attribute`.
 (called from <top (required)> at /var/mint-workspace/config/environment.rb:5)
Run options: include {locations: {"./spec/models/rwx/user_spec.rb" => [6]}}
F

Failures:

  1) Rwx::User validations cannot have less than 8 characters in a password
     Got 2 failures:

     1.1) Failure/Error: expect(user).not_to be_valid
            expected #<Rwx::User id: nil, created_at: nil, email: "ope@rwx.com", first_name: nil, identity_id: nil, last_name: nil, password_digest: [FILTERED], sso: false, sso_bypass: false, telemetry_opted_out: false, time_zone: nil, updated_at: nil> not to be valid
          # ./spec/models/rwx/user_spec.rb:8:in 'block (3 levels) in <module:Rwx>'
          # ./spec/rails_helper.rb:272:in 'block (3 levels) in <top (required)>'
          # ./spec/support/helpers/envvar_helper.rb:22:in 'EnvvarHelper.unset_environment_variable'
          # ./spec/rails_helper.rb:271:in 'block (2 levels) in <top (required)>'

     1.2) Failure/Error: expect(user.errors[:password]).to include("is too short (minimum is 8 characters)")
            expected [] to include "is too short (minimum is 8 characters)"
          # ./spec/models/rwx/user_spec.rb:9:in 'block (3 levels) in <module:Rwx>'
          # ./spec/rails_helper.rb:272:in 'block (3 levels) in <top (required)>'
          # ./spec/support/helpers/envvar_helper.rb:22:in 'EnvvarHelper.unset_environment_variable'
          # ./spec/rails_helper.rb:271:in 'block (2 levels) in <top (required)>'

Finished in 0.4649 seconds (files took 3.35 seconds to load)
1 example, 1 failure

Failed examples:

rspec ./spec/models/rwx/user_spec.rb:6 # Rwx::User validations cannot have less than 8 characters in a password

Pulled 1 file(s) from sandbox:
  spec/models/rwx/user_spec.rb

After

╰─⠠⠵ ../cli/rwx sandbox exec -- bundle exec rspec spec/models/rwx/user_spec.rb:6
Started sandbox: 4a94d6ed35ef40ac96e732913902bffd
https://cloud.rwx.com/mint/rwx/runs/4a94d6ed35ef40ac96e732913902bffd
DEPRECATION WARNING: `config.active_support.to_time_preserves_timezone` is deprecated and will be removed in Rails 8.2 (called from <top (required)> at /var/mint-workspace/config/environment.rb:5)
DEPRECATION WARNING: ActiveSupport::Configurable is deprecated without replacement, and will be removed in Rails 8.2.

You can emulate the previous behavior with `class_attribute`.
 (called from <top (required)> at /var/mint-workspace/config/environment.rb:5)
Run options: include {locations: {"./spec/models/rwx/user_spec.rb" => [6]}}
F

Failures:

  1) Rwx::User validations cannot have less than 8 characters in a password
     Got 2 failures:

     1.1) Failure/Error: expect(user).not_to be_valid
            expected #<Rwx::User id: nil, created_at: nil, email: "ope@rwx.com", first_name: nil, identity_id: nil, last_name: nil, password_digest: [FILTERED], sso: false, sso_bypass: false, telemetry_opted_out: false, time_zone: nil, updated_at: nil> not to be valid
          # ./spec/models/rwx/user_spec.rb:8:in 'block (3 levels) in <module:Rwx>'
          # ./spec/rails_helper.rb:272:in 'block (3 levels) in <top (required)>'
          # ./spec/support/helpers/envvar_helper.rb:22:in 'EnvvarHelper.unset_environment_variable'
          # ./spec/rails_helper.rb:271:in 'block (2 levels) in <top (required)>'

     1.2) Failure/Error: expect(user.errors[:password]).to include("is too short (minimum is 8 characters)")
            expected [] to include "is too short (minimum is 8 characters)"
          # ./spec/models/rwx/user_spec.rb:9:in 'block (3 levels) in <module:Rwx>'
          # ./spec/rails_helper.rb:272:in 'block (3 levels) in <top (required)>'
          # ./spec/support/helpers/envvar_helper.rb:22:in 'EnvvarHelper.unset_environment_variable'
          # ./spec/rails_helper.rb:271:in 'block (2 levels) in <top (required)>'

Finished in 1.1 seconds (files took 3.86 seconds to load)
1 example, 1 failure

Failed examples:

rspec ./spec/models/rwx/user_spec.rb:6 # Rwx::User validations cannot have less than 8 characters in a password

No changes to pull from sandbox.
╭─jasonrobinaugh at Jasons-MacBook-Pro-4 in ~/code/cloud on main✘✘✘ 26-02-23 - 12:45:05
╰─⠠⠵ git checkout .
Updated 1 path from the index
╭─jasonrobinaugh at Jasons-MacBook-Pro-4 in ~/code/cloud on main✔ 26-02-23 - 12:45:12
╰─⠠⠵ ../cli/rwx sandbox exec -- bundle exec rspec spec/models/rwx/user_spec.rb:6
DEPRECATION WARNING: `config.active_support.to_time_preserves_timezone` is deprecated and will be removed in Rails 8.2 (called from <top (required)> at /var/mint-workspace/config/environment.rb:5)
DEPRECATION WARNING: ActiveSupport::Configurable is deprecated without replacement, and will be removed in Rails 8.2.

You can emulate the previous behavior with `class_attribute`.
 (called from <top (required)> at /var/mint-workspace/config/environment.rb:5)
Run options: include {locations: {"./spec/models/rwx/user_spec.rb" => [6]}}
.

Finished in 1.88 seconds (files took 3.52 seconds to load)
1 example, 0 failures

No changes to pull from sandbox.