feat: make sandbox read access configurable with ReadOnlyAccess (#11387)

`SandboxPolicy::ReadOnly` previously implied broad read access and could
not express a narrower read surface.
This change introduces an explicit read-access model so we can support
user-configurable read restrictions in follow-up work, while preserving
current behavior today.

It also ensures unsupported backends fail closed for restricted-read
policies instead of silently granting broader access than intended.

## What

- Added `ReadOnlyAccess` in protocol with:
  - `Restricted { include_platform_defaults, readable_roots }`
  - `FullAccess`
- Updated `SandboxPolicy` to carry read-access configuration:
  - `ReadOnly { access: ReadOnlyAccess }`
  - `WorkspaceWrite { ..., read_only_access: ReadOnlyAccess }`
- Preserved existing behavior by defaulting current construction paths
to `ReadOnlyAccess::FullAccess`.
- Threaded the new fields through sandbox policy consumers and call
sites across `core`, `tui`, `linux-sandbox`, `windows-sandbox`, and
related tests.
- Updated Seatbelt policy generation to honor restricted read roots by
emitting scoped read rules when full read access is not granted.
- Added fail-closed behavior on Linux and Windows backends when
restricted read access is requested but not yet implemented there
(`UnsupportedOperation`).
- Regenerated app-server protocol schema and TypeScript artifacts,
including `ReadOnlyAccess`.

## Compatibility / rollout

- Runtime behavior remains unchanged by default (`FullAccess`).
- API/schema changes are in place so future config wiring can enable
restricted read access without another policy-shape migration.

codex-rs/core/tests/suite/web_search.rs

@@ -44,9 +44,12 @@ async fn web_search_mode_cached_sets_external_web_access_false() {
         .await
         .expect("create test Codex conversation");
 
-    test.submit_turn_with_policy("hello cached web search", SandboxPolicy::ReadOnly)
-        .await
-        .expect("submit turn");
+    test.submit_turn_with_policy(
+        "hello cached web search",
+        SandboxPolicy::new_read_only_policy(),
+    )
+    .await
+    .expect("submit turn");
 
     let body = resp_mock.single_request().body_json();
     let tool = find_web_search_tool(&body);
@@ -82,9 +85,12 @@ async fn web_search_mode_takes_precedence_over_legacy_flags() {
         .await
         .expect("create test Codex conversation");
 
-    test.submit_turn_with_policy("hello cached+live flags", SandboxPolicy::ReadOnly)
-        .await
-        .expect("submit turn");
+    test.submit_turn_with_policy(
+        "hello cached+live flags",
+        SandboxPolicy::new_read_only_policy(),
+    )
+    .await
+    .expect("submit turn");
 
     let body = resp_mock.single_request().body_json();
     let tool = find_web_search_tool(&body);
@@ -121,9 +127,12 @@ async fn web_search_mode_defaults_to_cached_when_features_disabled() {
         .await
         .expect("create test Codex conversation");
 
-    test.submit_turn_with_policy("hello default cached web search", SandboxPolicy::ReadOnly)
-        .await
-        .expect("submit turn");
+    test.submit_turn_with_policy(
+        "hello default cached web search",
+        SandboxPolicy::new_read_only_policy(),
+    )
+    .await
+    .expect("submit turn");
 
     let body = resp_mock.single_request().body_json();
     let tool = find_web_search_tool(&body);
@@ -169,7 +178,7 @@ async fn web_search_mode_updates_between_turns_with_sandbox_policy() {
         .await
         .expect("create test Codex conversation");
 
-    test.submit_turn_with_policy("hello cached", SandboxPolicy::ReadOnly)
+    test.submit_turn_with_policy("hello cached", SandboxPolicy::new_read_only_policy())
         .await
         .expect("submit first turn");
     test.submit_turn_with_policy("hello live", SandboxPolicy::DangerFullAccess)