[cross-repo] ship Basilica sandboxes across backend + frontend

[machine-god-deus]

Summary

• Add sandbox control-plane API endpoints (POST /sandboxes, GET /sandboxes, GET /sandboxes/{id}, DELETE /sandboxes/{id}) in basilica-api with MultiClusterK8sClient for dedicated sandbox-cluster routing (fail-hard, no main-cluster fallback)
• Create basilica-sandbox-operator crate: reconciles BasilicaSandbox CRDs into Pod, Service, Secret, and NetworkPolicy on the sandbox cluster with PSS restricted, RuntimeDefault seccomp, hardcoded image allowlist, automountServiceAccountToken: false, and egress restrictions blocking RFC1918 + IMDS
• Create basilica-exec-agent crate: HTTP + WebSocket server on port 9999, validates X-Exec-Secret (hashed comparison), executes commands, handles file ops, supports explicit R2 upload/download
• Create sandbox-router crate: wildcard host routing from sb-{id}.sandboxes.basilica.ai to the correct sandbox service via field-selector lookups with sb- prefix
• Add CloudType::Sandbox to billing with migration (046_add_sandbox_cloud_type.sql), sandbox pricing config, and lifecycle hooks (TrackRental, FinalizeRental, heartbeat/status) in sandbox_billing.rs
• Add sandbox-cluster K8s manifests under orchestrator/k8s/sandbox/: Envoy Gateway route, image pre-pull DaemonSet, operator deployment/RBAC, router deployment, namespace bootstrap with ResourceQuota/LimitRange/PSS labels, and network policies
• Add namespace bootstrap for u-{user_id} with quota, limit range, and PSS enforcement in the sandbox API handlers
• Add integration test suites covering sandbox API, exec-agent, operator, and K8s integration in crates/integration-tests/
• Fix exec-agent auth to read exec_secret_hash and hash incoming header before comparison
• Fix dead idempotency check in sandbox_billing::track_sandbox_rental
• Fix sandbox-router CRD name mismatch by adding sb- prefix to field selector
• Fix doctest OOM kills in basilica-api and basilica-autoscaler by disabling empty doctests

Validation

• cargo test passes all 353 basilica-api tests, 123 basilica-aggregator tests, and all provider-level tests (total across workspace)
• Clippy warnings resolved across basilica-exec-agent, basilica-sandbox-operator, and basilica-billing (too_many_arguments refactored)
• Integration tests registered and compiling for sandbox API, exec-agent, operator, and K8s integration paths (crates/integration-tests/tests/sandbox_k8s_integration.rs)
• Auth protocol fix verified: exec-agent now hashes incoming X-Exec-Secret header against stored exec_secret_hash
• Billing idempotency fix verified: track_sandbox_rental correctly checks existing rental before insert

Risks

• 69 files changed / ~9350 lines added — large surface area; incremental rollout behind feature flag or sandbox-cluster availability is advisable
• sandbox_billing.rs is ~1096 lines, exceeding typical file size guidelines; may warrant splitting before production hardening
• Integration tests depend on K8s CRDs being registered; tests gate on CRD availability but full E2E validation requires a running sandbox cluster
• Sandbox cluster infrastructure (Envoy Gateway, WireGuard, K3s) is manifest-only — no Terraform/Ansible automation shipped in this PR

Closes one-covenant/basilica-backend#260