sandboxes: emphasize the untrusted-contributor review warning

Wrap the "treat sandbox-modified files like a PR from an untrusted
contributor" advisory in a [!WARNING] callout, matching the layout used
for the other security advisories in these docs (policy.md, credentials.md).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: ndeloof

content/manuals/ai/sandboxes/security/isolation.md

@@ -127,9 +127,10 @@ Review them after any agent session before performing those actions:
 - **IDE configuration** (`.vscode/tasks.json`, `.idea/`) can run tasks
   when you open the project.
 
-Treat sandbox-modified workspace files the same way you would treat a pull
-request from an untrusted contributor: review before you trust them on
-your host.
+> [!WARNING]
+> Treat sandbox-modified workspace files the same way you would treat a pull
+> request from an untrusted contributor: review before you trust them on
+> your host.
 
 ### Clone mode