test(e2e): verify opensandbox runtime with codex via CI sidecar

[zpzjzj]

Summary

Adds executed CI coverage for the OpenSandbox runtime. Until now the
opensandbox path never ran in CI — the existing codex opensandbox test
always skipped for lack of an external sandbox service. This PR adds a CI
job that self-hosts the OpenSandbox server on the runner, so the path is
exercised on every PR.

The opensandbox job runs the codex agent: claude_code already has
real-model coverage in the none-runtime e2e job, whereas codex is otherwise
only exercised against a fake binary — so this is its sole real coverage and
adds one more agent overall.

Changes

• .github/workflows/ci.yml: new e2e-opensandbox job. Installs
  opensandbox-server via uv, starts it as a background process (Docker
  runtime, host network, host docker.sock), health-checks it, then runs
  TestAgent_Codex_OpenSandboxRuntime against http://127.0.0.1:8080.
• e2e/agent_test.go: new TestAgent_ClaudeCode_OpenSandboxRuntime
  (mirrors the codex test; runnable locally / in future CI) and an
  openSandboxE2EImage() helper that reads OPENSANDBOX_IMAGE.
• Both opensandbox tests preserve the in-sandbox agent workspace as a CI
  artifact for post-mortem when execution fails inside the sandbox.

Test plan

• make test / make verify pass
• go test -tags e2e -run OpenSandbox ./e2e passes locally (skips
  cleanly without OPENSANDBOX_API_KEY)
• New e2e-opensandbox CI job is green on this PR

Notes for reviewers

• The sandbox image is node:22: skill-up bootstraps the agent CLI inside
  the sandbox (nvm/node/npm install), which needs curl/git/node.
  Bare ubuntu:latest lacks these. Override via OPENSANDBOX_IMAGE.
• The OpenSandbox server is self-hosted, so no OPENSANDBOX_* secret is
  needed — but the agent still calls a real model, so the job gates on
  DASHSCOPE_API_KEY and skips on fork PRs (same pattern as the e2e job).
• execd_image is pinned to opensandbox/execd:v1.0.16; bump if the
  server log reports an execd compatibility error.

🤖 Generated with Claude Code