feat: codex-linux-sandbox standalone executable (#740)

This introduces a standalone executable that run the equivalent of the
`codex debug landlock` subcommand and updates `rust-release.yml` to
include it in the release.

The idea is that we will include this small binary with the TypeScript
CLI to provide support for Linux sandboxing.

codex-rs/cli/src/landlock.rs

@@ -11,10 +11,7 @@ use std::process::ExitStatus;
 
 /// Execute `command` in a Linux sandbox (Landlock + seccomp) the way Codex
 /// would.
-pub(crate) fn run_landlock(
-    command: Vec<String>,
-    sandbox_policy: SandboxPolicy,
-) -> anyhow::Result<()> {
+pub fn run_landlock(command: Vec<String>, sandbox_policy: SandboxPolicy) -> anyhow::Result<()> {
     if command.is_empty() {
         anyhow::bail!("command args are empty");
     }