fix: fall back to vendored bubblewrap when system bwrap lacks --argv0 (#15338)

## Why

Fixes [#15283](https://github.com/openai/codex/issues/15283), where
sandboxed tool calls fail on older distro `bubblewrap` builds because
`/usr/bin/bwrap` does not understand `--argv0`. The upstream [bubblewrap
v0.9.0 release
notes](https://github.com/containers/bubblewrap/releases/tag/v0.9.0)
explicitly call out `Add --argv0`. Flipping `use_legacy_landlock`
globally works around that compatibility bug, but it also weakens the
default Linux sandbox and breaks proxy-routed and split-policy cases
called out in review.

The follow-up Linux CI failure was in the new launcher test rather than
the launcher logic: the fake `bwrap` helper stayed open for writing, so
Linux would not exec it. This update also closes the user-visibility gap
from review by surfacing the same startup warning when `/usr/bin/bwrap`
is present but too old for `--argv0`, not only when it is missing.

## What Changed

- keep `use_legacy_landlock` default-disabled
- teach `codex-rs/linux-sandbox/src/launcher.rs` to fall back to the
vendored bubblewrap build when `/usr/bin/bwrap` does not advertise
`--argv0` support
- add launcher tests for supported, unsupported, and missing system
`bwrap`
- write the fake `bwrap` test helper to a closed temp path so the
supported-path launcher test works on Linux too
- extend the startup warning path so Codex warns when `/usr/bin/bwrap`
is missing or too old to support `--argv0`
- mirror the warning/fallback wording across
`codex-rs/linux-sandbox/README.md` and `codex-rs/core/README.md`,
including that the fallback is the vendored bubblewrap compiled into the
binary
- cite the upstream `bubblewrap` release that introduced `--argv0`

## Verification

- `bazel test --config=remote --platforms=//:rbe
//codex-rs/linux-sandbox:linux-sandbox-unit-tests
--test_filter=launcher::tests::prefers_system_bwrap_when_help_lists_argv0
--test_output=errors`
- `cargo test -p codex-core system_bwrap_warning`
- `cargo check -p codex-exec -p codex-tui -p codex-tui-app-server -p
codex-app-server`
- `just argument-comment-lint`

codex-rs/linux-sandbox/README.md

@@ -8,19 +8,23 @@ This crate is responsible for producing:
   - this should also be true of the `codex` multitool CLI
 
 On Linux, the bubblewrap pipeline prefers the system `/usr/bin/bwrap` whenever
-it is available. If `/usr/bin/bwrap` is missing, the helper still falls back to
+it is available and supports the required argv-rewrite flags. If `/usr/bin/bwrap`
+is missing or too old to support the required flags, the helper falls back to
 the vendored bubblewrap path compiled into this binary.
-Codex also surfaces a startup warning when `/usr/bin/bwrap` is missing so users
-know it is falling back to the vendored helper.
+Codex also surfaces a startup warning when `/usr/bin/bwrap` is missing or too
+old to support the required flags so users know it is falling back to the
+vendored helper.
 
 **Current Behavior**
 - Legacy `SandboxPolicy` / `sandbox_mode` configs remain supported.
 - Bubblewrap is the default filesystem sandbox pipeline.
-- If `/usr/bin/bwrap` is present, the helper uses it.
-- If `/usr/bin/bwrap` is missing, the helper falls back to the vendored
-  bubblewrap path.
-- If `/usr/bin/bwrap` is missing, Codex also surfaces a startup warning instead
-  of printing directly from the sandbox helper.
+- If `/usr/bin/bwrap` is present and supports the required argv-rewrite flags,
+  the helper uses it.
+- If `/usr/bin/bwrap` is missing or too old to support the required flags, the
+  helper falls back to the vendored bubblewrap path.
+- If `/usr/bin/bwrap` is missing or too old to support the required flags,
+  Codex also surfaces a startup warning instead of printing directly from the
+  sandbox helper.
 - Legacy Landlock + mount protections remain available as an explicit legacy
   fallback path.
 - Set `features.use_legacy_landlock = true` (or CLI `-c use_legacy_landlock=true`)