fix(agent-sandbox): warn on hardened image fallback #2910

Open
carloshvp wants to merge 1 commit into microsoft:main from carloshvp:feat/warn-hardened-image-fallback

Conversation

@carloshvp

Contributor

Summary

  • warn when automatic image selection falls back from the hardened minimal-PATH image to python:3.11-slim
  • explain that minimal-PATH command restrictions are inactive
  • point security-sensitive callers to require_hardened_image=True
  • avoid the fallback warning when callers explicitly configure image=

Root cause

The default image-selection path preserves compatibility by using python:3.11-slim when the hardened image is unavailable. Before this change, that reduction in command restrictions was silent, so operators could miss that the sandbox was running with weaker image-level enforcement.

Impact

Existing fallback behavior remains unchanged. Operators now receive an actionable warning when it occurs:

Hardened sandbox image 'agt-sandbox/python-minimal-path:3.11' is unavailable;
falling back to 'python:3.11-slim'. Minimal-PATH command restrictions are not
active. Set require_hardened_image=True to fail closed.

Explicit custom images do not produce this warning.

Refs #2662
Follow-up to #2909

Validation

  • PYTHONPATH=src:../agent-os/src python3 -m pytest tests -q
    • 401 passed, 59 skipped
  • ruff check src/agent_sandbox/docker_provider/provider.py
  • ruff check tests/test_docker_sandbox.py --ignore I001,F401
  • python3 -m compileall -q src/agent_sandbox
  • git diff --check

AI Assistance

  • I can explain every meaningful change in this PR: what it does, why, and what tradeoffs were considered
  • I have run tests and verification appropriate for this change
  • No part of this PR was autonomously submitted by an AI agent without my review
  • I have not used AI to generate review comments on others' PRs

Codex assisted with implementation and test drafting; all output was reviewed and validated.

IP, Patents, and Licensing

  • This contribution does not implement patent-pending or patent-encumbered techniques
  • This contribution does not require an NDA or licensing agreement to understand or use
  • Any AI tools used have terms compatible with the MIT License

Signed-off-by: Carlos Hernandez <carloshvp@gmail.com>
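The selection policy the PR describes (explicit image honoured silently, hardened image preferred, fallback with an operator-visible warning, or fail closed under `require_hardened_image=True`), written out as an added illustration rather than the agent-sandbox project's own provider code. The image names and the `require_hardened_image` flag come from the PR text; `select_sandbox_image`, `hardened_available`, `HardenedImageUnavailable` and `select_with_warnings` are assumed names for this example.

```python
import warnings
from typing import Optional

# Image names are from the PR text; function/error names are illustrative assumptions.
HARDENED_IMAGE = "agt-sandbox/python-minimal-path:3.11"
FALLBACK_IMAGE = "python:3.11-slim"


class HardenedImageUnavailable(RuntimeError):
    """Raised when fail-closed is requested and the hardened image is missing."""


def select_sandbox_image(
    hardened_available: bool,
    image: Optional[str] = None,
    require_hardened_image: bool = False,
) -> str:
    """Choose the sandbox image, never downgrading silently.

    - explicit image=: honoured as-is, no warning (the caller chose it)
    - hardened image present: use it
    - hardened image missing + require_hardened_image: fail closed
    - otherwise: fall back to the slim image and warn the operator
    """
    if image is not None:
        return image
    if hardened_available:
        return HARDENED_IMAGE
    if require_hardened_image:
        raise HardenedImageUnavailable(
            f"Hardened sandbox image '{HARDENED_IMAGE}' is unavailable "
            "and require_hardened_image=True; refusing to fall back."
        )
    warnings.warn(
        f"Hardened sandbox image '{HARDENED_IMAGE}' is unavailable; "
        f"falling back to '{FALLBACK_IMAGE}'. Minimal-PATH command "
        "restrictions are not active. Set require_hardened_image=True "
        "to fail closed.",
        RuntimeWarning,
        stacklevel=2,
    )
    return FALLBACK_IMAGE


def select_with_warnings(**kwargs):
    """Return (chosen image, warning texts) so callers can check both outcomes."""
    with warnings.catch_warnings(record=True) as caught:
        warnings.simplefilter("always")
        chosen = select_sandbox_image(**kwargs)
    return chosen, [str(c.message) for c in caught]
```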

github-actions Bot commented Jun 9, 2026


PR Review Summary

Check                 Status       Details
🔍 Code Review        ⚠️ Missing   No current-run comment
🛡️ Security Scan      ⚠️ Missing   No current-run comment
🔄 Breaking Changes   ⚠️ Missing   No current-run comment
📝 Docs Sync          ⚠️ Missing   No current-run comment
🧪 Test Coverage      ⚠️ Missing   No current-run comment

Verdict: ⚠️ AI review incomplete; ready for human review

AI review comments are untrusted advisory output. The summary reports workflow-generated completion status only, not model-authored pass/fail claims.

@github-actions github-actions Bot added tests size/S Small PR (< 50 lines) labels Jun 9, 2026
@carloshvp carloshvp marked this pull request as ready for review June 9, 2026 19:12