feat: add Landlock sandbox for sidecar process isolation

SandboxConfig with RW/RO paths applied via pre_exec() in sidecar child
process. Requires kernel 6.2+ with graceful fallback. Per-project toggle
in SettingsTab. 9 unit tests.

v2/src/lib/adapters/agent-bridge.ts

@@ -51,6 +51,15 @@ export async function restartAgent(): Promise<void> {
   return invoke('agent_restart');
 }
 
+/** Update Landlock sandbox config and restart sidecar to apply. */
+export async function setSandbox(
+  projectCwds: string[],
+  worktreeRoots: string[],
+  enabled: boolean,
+): Promise<void> {
+  return invoke('agent_set_sandbox', { projectCwds, worktreeRoots, enabled });
+}
+
 export interface SidecarMessage {
   type: string;
   sessionId?: string;

v2/src/lib/types/groups.ts

@@ -16,6 +16,8 @@ export interface ProjectConfig {
   provider?: ProviderId;
   /** When true, agents for this project use git worktrees for isolation */
   useWorktrees?: boolean;
+  /** When true, sidecar process is sandboxed via Landlock (Linux 5.13+, restricts filesystem access) */
+  sandboxEnabled?: boolean;
   /** Anchor token budget scale (defaults to 'medium' = 6K tokens) */
   anchorBudgetScale?: AnchorBudgetScale;
   /** Stall detection threshold in minutes (defaults to 15) */