RLM: remove code jail -> simplify code #800

Merged
snimu merged 4 commits into main from sebastian/rlm-remove-code-jail-2026-01-28 on Jan 28, 2026
Conversation

snimu (Contributor) commented Jan 28, 2026

Description

There previously was a very basic code jail for the RLM, but this adds a lot of complexity for very little gain. I made the decision that users simply need to accept risks if they run the RLM locally, and if they don't want that they should run it on the sandbox. This PR removes the jail, which allows for a strong simplification of the RLM code. Tested with vf-eval (both execution backends and both repl languages).

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Test improvement

Testing

  • All existing tests pass when running uv run pytest locally.
  • New tests have been added to cover the changes

Checklist

  • My code follows the style guidelines of this project as outlined in AGENTS.md
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • Any dependent changes have been merged and published
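Why an in-process jail is only best-effort, as an added example (this is not code from this repository and does not reconstruct the removed FilesystemJail): a toy jail that patches `builtins.open` to refuse paths outside a root, and untrusted code that steps past it with ordinary stdlib calls. `ToyJail`, `attempt`, `demo` and `jail_restored` are hypothetical names; the untrusted snippets are constructed for the example.

```python
"""Toy in-process filesystem jail and the trivial ways around it.

Added example for this PR discussion; it is not code from this
repository and does not reproduce its removed FilesystemJail. The
ToyJail class, attempt(), demo() and jail_restored() are hypothetical.
"""
import builtins
import io
import os
import tempfile


class ToyJail:
    """Best-effort jail: swap builtins.open for a wrapper that refuses
    paths outside `root`. It lives in the same interpreter as the
    untrusted code, so that code can simply reach past it."""

    def __init__(self, root: str) -> None:
        self.root = os.path.realpath(root)
        self._orig_open = builtins.open

    def _guarded_open(self, file, mode="r", *args, **kwargs):
        if not isinstance(file, int):  # bare file descriptors carry no path to check
            path = os.path.realpath(os.fsdecode(file))
            if path != self.root and not path.startswith(self.root + os.sep):
                raise PermissionError(f"jail: {path} is outside {self.root}")
        return self._orig_open(file, mode, *args, **kwargs)

    def __enter__(self) -> "ToyJail":
        builtins.open = self._guarded_open
        return self

    def __exit__(self, *exc) -> bool:
        builtins.open = self._orig_open
        return False  # do not swallow exceptions


def attempt(code: str, jail_root: str, target: str) -> bool:
    """Run untrusted `code` under the jail with `target` bound in its
    namespace; report whether `target` exists afterwards."""
    namespace = {"target": target}
    with ToyJail(jail_root):
        try:
            exec(code, namespace)  # untrusted code, same interpreter as the jail
        except PermissionError:
            pass  # the jail blocked this one
    return os.path.exists(target)


# Constructed untrusted snippets. The first goes through the patched
# builtin and is caught; the other two use stdlib calls the patch never sees.
VIA_BUILTIN_OPEN = "open(target, 'w').write('x')"
VIA_OS_OPEN = (
    "import os\n"
    "fd = os.open(target, os.O_WRONLY | os.O_CREAT, 0o600)\n"
    "os.write(fd, b'x')\n"
    "os.close(fd)\n"
)
VIA_IO_OPEN = "import io\nio.open(target, 'w').write('x')"


def demo() -> dict:
    """Return, per snippet, whether it managed to write its target."""
    with tempfile.TemporaryDirectory() as outside, tempfile.TemporaryDirectory() as root:
        return {
            "builtin_open_outside": attempt(VIA_BUILTIN_OPEN, root, os.path.join(outside, "a.txt")),
            "os_open_outside": attempt(VIA_OS_OPEN, root, os.path.join(outside, "b.txt")),
            "io_open_outside": attempt(VIA_IO_OPEN, root, os.path.join(outside, "c.txt")),
            "builtin_open_inside": attempt(VIA_BUILTIN_OPEN, root, os.path.join(root, "ok.txt")),
        }


def jail_restored() -> bool:
    """After every `with ToyJail(...)` block, builtins.open is the original io.open again."""
    return builtins.open is io.open


if __name__ == "__main__":
    for name, written in demo().items():
        print(f"{name}: {'written' if written else 'blocked'}")
```

The guarded builtin catches the naive write, while `os.open` and `io.open` (the very object `builtins.open` was copied from) land outside the root untouched. A guardrail that wraps a few call sites inside the interpreter running the untrusted code only catches code that chooses to go through them; the same holds for env-var scrubbing and import restrictions. That is why isolation belongs in a separate process or container, which is the sandbox execution backend this PR points local users to.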

Note

Medium Risk
Removes local execution guardrails for RLMEnv, which expands what locally-executed user code can access and could increase the impact of running untrusted tasks outside a sandbox.

Overview
RLMEnv no longer applies the best-effort local filesystem/code jail: the FilesystemJail utility and its unit tests are removed, and the docs drop the claim that local Python execution is jailed.

The Python worker script generation in rlm_env.py is simplified and unified between local and sandbox modes (single context loader, single sub-LLM timeout config, no restriction/env-var plumbing, and consistent root-tool HTTP timeout behavior).

Written by Cursor Bugbot for commit b73e858.

snimu changed the title from "Sebastian/rlm remove code jail 2026 01 28" to "RLM: remove code jail -> simplify code" on Jan 28, 2026
@snimu snimu merged commit 6ba6195 into main Jan 28, 2026
6 checks passed
mikasenghaas pushed a commit that referenced this pull request Jan 29, 2026
* Remove RLM local guardrails

* Unify RLM worker context setup

* ruff format

* Unify RLM worker timeouts