feat: codex-linux-sandbox standalone executable (#740)

This introduces a standalone executable that run the equivalent of the
`codex debug landlock` subcommand and updates `rust-release.yml` to
include it in the release.

The idea is that we will include this small binary with the TypeScript
CLI to provide support for Linux sandboxing.

codex-rs/cli/src/linux-sandbox/main.rs

@@ -0,0 +1,22 @@
+#[cfg(not(target_os = "linux"))]
+fn main() -> anyhow::Result<()> {
+    eprintln!("codex-linux-sandbox is not supported on this platform.");
+    std::process::exit(1);
+}
+
+#[cfg(target_os = "linux")]
+fn main() -> anyhow::Result<()> {
+    use clap::Parser;
+    use codex_cli::create_sandbox_policy;
+    use codex_cli::landlock;
+    use codex_cli::LandlockCommand;
+
+    let LandlockCommand {
+        full_auto,
+        sandbox,
+        command,
+    } = LandlockCommand::parse();
+    let sandbox_policy = create_sandbox_policy(full_auto, sandbox);
+    landlock::run_landlock(command, sandbox_policy)?;
+    Ok(())
+}