feat: if .codex is a sub-folder of a writable root, then make it read-only to the sandbox

[bolinfest]

In preparation for in-repo configuration support, this updates WritableRoot::get_writable_roots_with_cwd() to include the .codex subfolder in WritableRoot.read_only_subpaths, if it exists, as we already do for .git.

As noted, currently, like .git, .codex will only be read-only under macOS Seatbelt, but we plan to bring support to other OSes, as well.

Updated the integration test in seatbelt.rs so that it actually attempts to run the generated Seatbelt commands, verifying that:

• trying to write to .codex/config.toml in a writable root fails
• trying to write to .git/hooks/pre-commit in a writable root fails
• trying to write to the writable root containing the .codex and .git subfolders succeeds

[pakrym-oai]

Should we add an integration test?

[joshka-oai]

The tests look like they test the config, but not the desired effect (unless I'm misreading them). Do we have any tests that try to write to a read-only files?

[bolinfest]

@pakrym-oai hmm, admittedly #1765 where I introduced the test in seatbelt.rs used /bin/echo hello as the command as opposed to something like git init, so I'll fix that as part of this PR now...