fix(supervisor): drop sandbox child capability bounding set

[alangou]

Summary

Drop the Linux capability bounding set in the common sandbox child privilege-drop path so workloads and openshell connect shells cannot regain container-granted capabilities after exec.

Related Issue

Closes #1452

Changes

• Added Linux-only capability bounding set reduction in drop_privileges() after initgroups/setgid and before setuid.
• Drops capabilities from 0..=cap_last_cap, with CAP_SETPCAP dropped last and a graceful fallback when CAP_SETPCAP is unavailable.
• Added focused Linux-only regression coverage and documented the child-process invariant in architecture/sandbox.md.

Testing

• mise run pre-commit passes
• Unit tests added/updated
• E2E not applicable; no e2e files changed

Additional checks run:

• mise run fmt && mise run e2e && mise run e2e:kubernetes && mise run e2e:docker
• cargo test -p openshell-supervisor-process --lib process::tests -- --nocapture
• cargo test -p openshell-supervisor-process --lib ssh::tests::pre_exec_always_calls_drop_privileges -- --nocapture

Checklist

• Follows Conventional Commits
• Commits are signed off (DCO)

[elezar]

A codex-assisted review:

I think this still fails closed incorrectly for the Podman path. drop_capability_bounding_set() returns Ok(()) when CAP_SETPCAP is
not effective, and also when the first PR_CAPBSET_DROP returns EPERM. But the Podman driver currently drops SETPCAP from the
supervisor container, so that path leaves the child bounding set unchanged while still spawning the workload/connect shell.

Could we either keep SETPCAP available to the supervisor until child setup, or fail the spawn when the bounding set cannot be cleared
and is still nonempty? This may also be a good place to use capctl rather than custom /proc parsing and raw prctl;
capctl::caps::bounding::clear() plus an explicit “EPERM is only OK if the bounding set is already empty” check would make the invariant
clearer.

The current regression test skips when CAP_SETPCAP is unavailable, so it would not catch the Podman-relevant failure mode.

[johntmyers]

A codex-assisted review:

I think this still fails closed incorrectly for the Podman path....

+1. Seems like different drivers can do different drops on their own which would impact this common code that runs driver-agnostically.

[alangou]

@johntmyers @elezar I have implemented the requested changes

[johntmyers]

looks good @alangou - will need to update the README for openshell-driver-podman as it still mentions SETPCAP is dropped

[alangou]

@johntmyers the readme is updated (auto-merge is enable)

[github-actions]

Label test:e2e applied for b0bb43b. Open the existing run and click Re-run all jobs to execute with the label set. The run will execute the standard E2E suite after building the required gateway and supervisor images once. The matching required CI gate status on this PR will flip green automatically once the run finishes.