fix: ensure cwd for conversation and sandbox are separate concerns (#3874)

Prior to this PR, both of these functions took a single `cwd`:


71038381aa/codex-rs/core/src/seatbelt.rs (L19-L25)


71038381aa/codex-rs/core/src/landlock.rs (L16-L23)

whereas `cwd` and `sandbox_cwd` should be set independently (fixed in
this PR).

Added `sandbox_distinguishes_command_and_policy_cwds()` to
`codex-rs/exec/tests/suite/sandbox.rs` to verify this.
This commit is contained in:
Michael Bolin
2025-09-18 14:37:06 -07:00
committed by GitHub
parent 62258df92f
commit 8595237505
12 changed files with 209 additions and 36 deletions


@@ -35,9 +35,11 @@ fn create_env_from_core_vars() -> HashMap<String, String> {
#[expect(clippy::print_stdout, clippy::expect_used, clippy::unwrap_used)]
async fn run_cmd(cmd: &[&str], writable_roots: &[PathBuf], timeout_ms: u64) {
let cwd = std::env::current_dir().expect("cwd should exist");
let sandbox_cwd = cwd.clone();
let params = ExecParams {
command: cmd.iter().map(|elm| elm.to_string()).collect(),
cwd: std::env::current_dir().expect("cwd should exist"),
cwd,
timeout_ms: Some(timeout_ms),
env: create_env_from_core_vars(),
with_escalated_permissions: None,
@@ -59,6 +61,7 @@ async fn run_cmd(cmd: &[&str], writable_roots: &[PathBuf], timeout_ms: u64) {
params,
SandboxType::LinuxSeccomp,
&sandbox_policy,
sandbox_cwd.as_path(),
&codex_linux_sandbox_exe,
None,
)
@@ -133,6 +136,7 @@ async fn test_timeout() {
#[expect(clippy::expect_used)]
async fn assert_network_blocked(cmd: &[&str]) {
let cwd = std::env::current_dir().expect("cwd should exist");
let sandbox_cwd = cwd.clone();
let params = ExecParams {
command: cmd.iter().map(|s| s.to_string()).collect(),
cwd,
@@ -151,6 +155,7 @@ async fn assert_network_blocked(cmd: &[&str]) {
params,
SandboxType::LinuxSeccomp,
&sandbox_policy,
sandbox_cwd.as_path(),
&codex_linux_sandbox_exe,
None,
)
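Review bot: In both helpers, `let sandbox_cwd = cwd.clone();` makes the policy cwd identical to the command cwd, so every call in this file still exercises only the case the two coincide, and a reader could mistake these hunks for coverage of the split this PR introduces. If, as the description implies, the policy cwd is what the sandbox rules are resolved against, a regression that quietly substituted one for the other would pass these tests unchanged; only the separate `sandbox_distinguishes_command_and_policy_cwds()` named in the description would catch it. I would add next to the clone in `run_cmd`: `// Policy cwd deliberately equals the command cwd here; the split case is covered by sandbox_distinguishes_command_and_policy_cwds in exec/tests/suite/sandbox.rs.`, and the same note in `assert_network_blocked`. As a minor style point, `&sandbox_cwd` coerces to `&Path`, so `.as_path()` at the call sites is optional. The bodies of `run_cmd` and `assert_network_blocked` continue outside these hunks, and the callee whose signature gained the new parameter is not shown.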