Refactor exec-server filesystem API into codex-file-system (#19892)

## Summary
- Extracted the shared filesystem types and `ExecutorFileSystem` trait
into a new `codex-file-system` crate
- Switched `codex-config` and `codex-git-utils` to depend on that crate
instead of `codex-exec-server`
- Kept `codex-exec-server` re-exporting the same API for existing
callers

## Testing
- Ran `cargo test -p codex-file-system`
- Ran `cargo test -p codex-git-utils`
- Ran `cargo test -p codex-config`
- Ran `cargo test -p codex-exec-server`
- Ran `just fix -p codex-file-system`, `just fix -p codex-git-utils`,
`just fix -p codex-config`, `just fix -p codex-exec-server`
- Ran `just fmt`
- Updated and verified the Bazel module lockfile

codex-rs/exec-server/src/fs_sandbox.rs

@@ -20,7 +20,6 @@ use tokio::process::Command;
 
 use crate::ExecServerRuntimePaths;
 use crate::FileSystemSandboxContext;
-use crate::file_system::file_system_policy_has_cwd_dependent_entries;
 use crate::fs_helper::CODEX_FS_HELPER_ARG1;
 use crate::fs_helper::FsHelperPayload;
 use crate::fs_helper::FsHelperRequest;
@@ -115,8 +114,7 @@ fn sandbox_cwd(sandbox: &FileSystemSandboxContext) -> Result<AbsolutePathBuf, JS
         return Ok(cwd.clone());
     }
 
-    let file_system_policy = sandbox.permissions.file_system_sandbox_policy();
-    if file_system_policy_has_cwd_dependent_entries(&file_system_policy) {
+    if sandbox.has_cwd_dependent_permissions() {
         return Err(invalid_request(
             "file system sandbox context with dynamic permissions requires cwd".to_string(),
         ));