feat(cli): add sandbox profile config controls (#20118)

## Why

The explicit profile path from #20117 is meant for standalone testing,
but it still inherited the
shell cwd and all managed requirements implicitly. The pre-existing
launcher path even called out
that it did not support a separate cwd yet in

[`debug_sandbox.rs`](509453f688/codex-rs/cli/src/debug_sandbox.rs (L174-L179)).

For a standalone command, the useful default is to let the caller choose
the project directory being
tested and to avoid administrator-provided constraints unless the caller
explicitly wants to test
those too.

## What changed

- Add explicit-profile-only `-C/--cd DIR`, and use that cwd for both
profile resolution and command
  execution.
- Add explicit-profile-only `--include-managed-config`.
- Make explicit profile mode skip managed requirement sources by
default, including cloud
requirements, MDM requirements, `/etc/codex/requirements.toml`, and the
legacy managed-config
  requirements projection.
- Preserve all existing invocations outside the explicit-profile path.

## Stack

1. #20117 `sandbox-ui-profile`
2. #20118 `sandbox-ui-config` --> this PR

Both PRs are additive. Replay JSON is intentionally deferred to a
follow-up design pass.

## Tests ran

- `cargo test -p codex-cli debug_sandbox`
- `cargo test -p codex-cli sandbox_macos_`
- `cargo test -p codex-core
load_config_layers_can_ignore_managed_requirements`
- `cargo test -p codex-core
load_config_layers_includes_cloud_requirements`
- macOS branch-binary smoke on the rebased top of stack: `-C` changed
execution cwd, explicit
profile mode omitted managed proxy env under `env -i`, and
`--include-managed-config` restored it.
- Linux devbox branch-binary smoke on the rebased top of stack: `-C`
changed execution cwd for
  built-in and user-defined explicit profiles.

codex-rs/cli/src/lib.rs

@@ -5,6 +5,7 @@ pub(crate) mod login;
 use clap::Parser;
 use codex_utils_absolute_path::AbsolutePathBuf;
 use codex_utils_cli::CliConfigOverrides;
+use std::path::PathBuf;
 
 pub use debug_sandbox::run_command_under_landlock;
 pub use debug_sandbox::run_command_under_seatbelt;
@@ -19,12 +20,31 @@ pub use login::run_login_with_device_code;
 pub use login::run_login_with_device_code_fallback_to_browser;
 pub use login::run_logout;
 
+// TODO: Deduplicate these shared sandbox options if we remove the explicit
+// `codex sandbox <os>` platform subcommands.
 #[derive(Debug, Parser)]
 pub struct SeatbeltCommand {
     /// Named permissions profile to apply from the active configuration stack.
     #[arg(long = "permissions-profile", value_name = "NAME")]
     pub permissions_profile: Option<String>,
 
+    /// Working directory used for profile resolution and command execution.
+    #[arg(
+        short = 'C',
+        long = "cd",
+        value_name = "DIR",
+        requires = "permissions_profile"
+    )]
+    pub cwd: Option<PathBuf>,
+
+    /// Include managed requirements while resolving an explicit permissions profile.
+    #[arg(
+        long = "include-managed-config",
+        default_value_t = false,
+        requires = "permissions_profile"
+    )]
+    pub include_managed_config: bool,
+
     /// Allow the sandboxed command to bind/connect AF_UNIX sockets rooted at this path. Relative paths are resolved against the current directory. Repeat to allow multiple paths.
     #[arg(long = "allow-unix-socket", value_parser = parse_allow_unix_socket_path)]
     pub allow_unix_sockets: Vec<AbsolutePathBuf>,
@@ -52,6 +72,23 @@ pub struct LandlockCommand {
     #[arg(long = "permissions-profile", value_name = "NAME")]
     pub permissions_profile: Option<String>,
 
+    /// Working directory used for profile resolution and command execution.
+    #[arg(
+        short = 'C',
+        long = "cd",
+        value_name = "DIR",
+        requires = "permissions_profile"
+    )]
+    pub cwd: Option<PathBuf>,
+
+    /// Include managed requirements while resolving an explicit permissions profile.
+    #[arg(
+        long = "include-managed-config",
+        default_value_t = false,
+        requires = "permissions_profile"
+    )]
+    pub include_managed_config: bool,
+
     #[clap(skip)]
     pub config_overrides: CliConfigOverrides,
 
@@ -66,6 +103,23 @@ pub struct WindowsCommand {
     #[arg(long = "permissions-profile", value_name = "NAME")]
     pub permissions_profile: Option<String>,
 
+    /// Working directory used for profile resolution and command execution.
+    #[arg(
+        short = 'C',
+        long = "cd",
+        value_name = "DIR",
+        requires = "permissions_profile"
+    )]
+    pub cwd: Option<PathBuf>,
+
+    /// Include managed requirements while resolving an explicit permissions profile.
+    #[arg(
+        long = "include-managed-config",
+        default_value_t = false,
+        requires = "permissions_profile"
+    )]
+    pub include_managed_config: bool,
+
     #[clap(skip)]
     pub config_overrides: CliConfigOverrides,