fix(linux-sandbox): block io_uring syscalls in no-network seccomp policy (#10814)

## Summary

- Add seccomp deny rules for `io_uring` syscalls in the Linux sandbox
network policy.
- Specifically deny:
  - `SYS_io_uring_setup`
  - `SYS_io_uring_enter`
  - `SYS_io_uring_register`

codex-rs/linux-sandbox/src/landlock.rs

@@ -149,6 +149,9 @@ fn install_network_seccomp_filter_on_current_thread() -> std::result::Result<(),
     deny_syscall(libc::SYS_getsockopt);
     deny_syscall(libc::SYS_setsockopt);
     deny_syscall(libc::SYS_ptrace);
+    deny_syscall(libc::SYS_io_uring_setup);
+    deny_syscall(libc::SYS_io_uring_enter);
+    deny_syscall(libc::SYS_io_uring_register);
 
     // For `socket` we allow AF_UNIX (arg0 == AF_UNIX) and deny everything else.
     let unix_only_rule = SeccompRule::new(vec![SeccompCondition::new(