Enable Chromium sandbox and pin Electron to avoid clone3/seccomp crash

[voidnullvalue]

Motivation

• Address the renderer crash observed on Ubuntu 22.04+/Linux Mint 21.x caused by seccomp-blocked clone3() in older Chromium/Electron sandbox builds.
• Keep Chromium/Electron sandboxing enabled (do not disable with --no-sandbox or webPreferences.sandbox=false).
• Make a minimal dependency change to ensure a stable Electron/Chromium runtime is used on affected Linux hosts.

Description

• Enable Chromium sandboxing explicitly by adding sandbox: true to the webPreferences for the main and worker BrowserWindow instances in main.js.
• Pin the Electron devDependency from ^38.0.0 to the exact 38.0.0 in package.json and update package-lock.json accordingly so the repository uses a consistent Electron/Chromium build.
• Files changed: main.js, package.json, package-lock.json.

Testing

• Ran npm ci successfully (packages installed; npm ci completed without error).
• Lockfile was updated and the workspace installs cleanly after the change.

Notes: sandbox remains enabled; no --no-sandbox flags were added and no sandbox overrides in BrowserWindow were removed. If further Electron/Chromium changes are desired (bumping to a newer major Electron), that can be done separately, but this change keeps sandboxing active and ensures a reproducible Electron runtime for affected Linux environments.

---

Codex Task