Restart inherited sandbox sessions when metadata changes

[t-kalinowski]

Summary

• treat inherited sandbox changes as worker-session boundaries and restart before the next non-poll, non-bare-interrupt worker interaction
• preserve local-only behavior for empty polls, bare interrupts, and pager-local commands while applying current metadata before real worker interactions
• add restart notices, timeout-bundle handling, and regression coverage for the restart-on-change contract

Why

After the per-call metadata migration, inherited sandbox state still needed one clearer runtime rule: sandbox changes should take effect at the next real worker interaction. That avoids preserving an old worker session when the current tool-call metadata describes a different inherited sandbox.

Public-facing changes

• when inherited sandbox metadata changes, the next non-empty worker interaction restarts into the new sandbox and reports that restart
• empty polls keep draining existing output without forcing a restart
• bare Ctrl-C remains local recovery behavior even if inherited sandbox metadata changed
• pager-local commands, including active or pending pager navigation, stay local and ignore sandbox metadata until a later call interacts with the worker
• control-prefixed tails such as Ctrl-C<code> and Ctrl-D<code> run in the restarted session when the sandbox changed

Internal-only changes

• rework worker respawn sequencing so timeout bundles, detached output, and restart notices survive sandbox-driven restarts cleanly
• retire stale disclosed timeout bundles when a sandbox change resets the worker session
• keep session-ended pager commands local until the next worker interaction
• keep missing-metadata recovery local for empty drains and bare interrupts that can be answered without spawning a worker
• cover restart edge cases for guardrail retries, active-pager bare restarts, explicit restart prefix cleanup, Windows test compilation, and unit-test process isolation
• document the restart-on-change contract and expand sandbox-state regression coverage

Diff composition

Measured against origin/main, this PR is 2,737 insertions and 603 deletions across 11 files. Most of that is regression coverage and inline unit tests around worker/session transitions:

• runtime code in src/: +725/-299 (30.7% of churn)
• inline tests inside src/: +450/-53 (15.1% of churn)
• tests in tests/: +1,460/-237 (50.8% of churn)
• docs: +100/-12 (3.4% of churn)
• snapshots: +2/-2 (0.1% of churn)

The largest contributors are tests/sandbox_state_updates.rs, src/worker_process.rs, and the inline tests in src/worker_process.rs.