sandbox: split spawn() into create()/start() for OCI-style lifecycle

[congwang-mk]

Summary

• Replace Sandbox::spawn* (Rust) with a fork-park-exec split: create(cmd) forks the child, installs the full policy (seccomp+notif supervisor, rlimits, landlock, COW, network/HTTP proxies), and parks the child between policy install and execve; start() releases it. run(cmd) and friends become create + start + wait internally.
• Same split is plumbed through FFI (sandlock_create + sandlock_start, replacing sandlock_spawn) and Python (Sandbox.create, Sandbox.start; Sandbox.spawn(cmd) is now the sugar that composes them, taking over the name from the prior Sandbox.start(cmd)).
• Drop reaps a created-but-not-started child (extending the existing kill+waitpid logic to cover RuntimeState::Created), preventing a zombie regression introduced by the state staying Created after do_create.
• Existing internal pipeline io variants renamed to create_with_io / create_with_gather_io; the run/run_interactive/run_with_extra_handlers/dry_run public surface is unchanged.

This unblocks an OCI runtime shim (PR #31 territory) that needs to fork the container init in runtime create, return to containerd, then signal runtime start later: a long-lived daemon holds the Sandbox parked across the two CLI invocations, with the full sandlock policy applied (not just Landlock).

Test plan

• cargo test --workspace: 212 integration tests passing
• pytest python/tests: 247 tests passing (was 241; 6 new in test_lifecycle.py covering spawn+wait, create pid/parked state, create+start, state-guard errors, and the Drop reap)

🤖 Generated with Claude Code