Build remote exec env from exec-server policy (#17216)

## Summary
- add an exec-server `envPolicy` field; when present, the server starts
from its own process env and applies the shell environment policy there
- keep `env` as the exact environment for local/embedded starts, but
make it an overlay for remote unified-exec starts
- move the shell-environment-policy builder into `codex-config` so Core
and exec-server share the inherit/filter/set/include behavior
- overlay only runtime/sandbox/network deltas from Core onto the
exec-server-derived env

## Why
Remote unified exec was materializing the shell env inside Core and
forwarding the whole map to exec-server, so remote processes could
inherit the orchestrator machine's `HOME`, `PATH`, etc. This keeps the
base env on the executor while preserving Core-owned runtime additions
like `CODEX_THREAD_ID`, unified-exec defaults, network proxy env, and
sandbox marker env.

## Validation
- `just fmt`
- `git diff --check`
- `cargo test -p codex-exec-server --lib`
- `cargo test -p codex-core --lib unified_exec::process_manager::tests`
- `cargo test -p codex-core --lib exec_env::tests`
- `cargo test -p codex-core --lib exec_env_tests` (compile-only; filter
matched 0 tests)
- `cargo test -p codex-config --lib shell_environment` (compile-only;
filter matched 0 tests)
- `just bazel-lock-update`

## Known local validation issue
- `just bazel-lock-check` is not runnable in this checkout: it invokes
`./scripts/check-module-bazel-lock.sh`, which is missing.

---------

Co-authored-by: Codex <noreply@openai.com>
Co-authored-by: pakrym-oai <pakrym@openai.com>

codex-rs/exec-server/tests/exec_process.rs

@@ -51,6 +51,7 @@ async fn assert_exec_process_starts_and_exits(use_remote: bool) -> Result<()> {
             process_id: ProcessId::from("proc-1"),
             argv: vec!["true".to_string()],
             cwd: std::env::current_dir()?,
+            env_policy: /*env_policy*/ None,
             env: Default::default(),
             tty: false,
             arg0: None,
@@ -127,6 +128,7 @@ async fn assert_exec_process_streams_output(use_remote: bool) -> Result<()> {
                 "sleep 0.05; printf 'session output\\n'".to_string(),
             ],
             cwd: std::env::current_dir()?,
+            env_policy: /*env_policy*/ None,
             env: Default::default(),
             tty: false,
             arg0: None,
@@ -156,6 +158,7 @@ async fn assert_exec_process_write_then_read(use_remote: bool) -> Result<()> {
                 "import sys; line = sys.stdin.readline(); sys.stdout.write(f'from-stdin:{line}'); sys.stdout.flush()".to_string(),
             ],
             cwd: std::env::current_dir()?,
+            env_policy: /*env_policy*/ None,
             env: Default::default(),
             tty: true,
             arg0: None,
@@ -192,6 +195,7 @@ async fn assert_exec_process_preserves_queued_events_before_subscribe(
                 "printf 'queued output\\n'".to_string(),
             ],
             cwd: std::env::current_dir()?,
+            env_policy: /*env_policy*/ None,
             env: Default::default(),
             tty: false,
             arg0: None,
@@ -224,6 +228,7 @@ async fn remote_exec_process_reports_transport_disconnect() -> Result<()> {
                 "sleep 10".to_string(),
             ],
             cwd: std::env::current_dir()?,
+            env_policy: /*env_policy*/ None,
             env: Default::default(),
             tty: false,
             arg0: None,