Rollback tenant quota reservation on spawn failures

[seanwevans]

Motivation

• Prevent tenant quota from being consumed when sandbox creation fails after an early reservation.
• Ensure in-memory _tenant_usage and durable quota ledger remain consistent across failure paths.

Description

• Added a usage_reserved flag and preserved the early self._record_tenant_usage(tenant, 1) reservation while wrapping sandbox creation/startup and registry update in a guarded try/except block in Supervisor.spawn() (file pyisolate/supervisor.py).
• On any exception after reservation the rollback path now removes the partial registry entry, stops any started thread, deletes the cgroup, cleans up the temp dir, drops recovery state, and records a compensating -1 delta via _record_tenant_usage(tenant, -1) to restore quota accounting.
• Kept behavior for warm-pool reuse and normal successful spawn unchanged and still returns a Sandbox handle on success.
• Added regression tests in tests/test_supervisor.py to simulate failures and assert both in-memory and on-disk ledger consistency.

Testing

• Added test_spawn_start_failure_rolls_back_tenant_usage_and_ledger which monkeypatches SandboxThread.start to raise and verifies _tenant_usage and ledger contain the compensating -1 entry.
• Added test_spawn_registry_failure_rolls_back_tenant_usage_and_ledger which monkeypatches recovery.update_sandbox to raise and verifies registry cleanup, _tenant_usage, and ledger replay behavior.
• Ran pytest -q tests/test_supervisor.py and all tests passed (24 passed).

---

Codex Task