revert: remove pre-Landlock bind mounts apply (#9300)

**Description**

This removes the pre‑Landlock read‑only bind‑mount step from the Linux
sandbox so filesystem restrictions rely solely on Landlock again.
`mounts.rs` is kept in place but left unused. The linux‑sandbox README
is updated to match the new behavior and manual test expectations.

codex-rs/linux-sandbox/src/landlock.rs

@@ -7,8 +7,6 @@ use codex_core::error::SandboxErr;
 use codex_core::protocol::SandboxPolicy;
 use codex_utils_absolute_path::AbsolutePathBuf;
 
-use crate::mounts::apply_read_only_mounts;
-
 use landlock::ABI;
 use landlock::Access;
 use landlock::AccessFs;
@@ -33,10 +31,6 @@ pub(crate) fn apply_sandbox_policy_to_current_thread(
     sandbox_policy: &SandboxPolicy,
     cwd: &Path,
 ) -> Result<()> {
-    if !sandbox_policy.has_full_disk_write_access() {
-        apply_read_only_mounts(sandbox_policy, cwd)?;
-    }
-
     if !sandbox_policy.has_full_disk_write_access() || !sandbox_policy.has_full_network_access() {
         set_no_new_privs()?;
     }

codex-rs/linux-sandbox/src/mounts.rs

@@ -1,3 +1,5 @@
+#![allow(dead_code)]
+
 use std::ffi::CString;
 use std::os::unix::ffi::OsStrExt;
 use std::path::Path;