sandbox: aarch64 syscall table for seccomp strict/permissive modes

[tomjwxf]

Context

On Linux aarch64, apply_linux currently refuses-to-run with a clear error
rather than silently falling back to a permissive seccomp filter. Silently
weakening enforcement for users who asked for strict mode is strictly worse
than a hard stop — see crates/sb-sandbox/src/linux.rs.

What's needed

A complete aarch64 syscall-number table alongside the existing x86_64 one in
crates/sb-sandbox/src/linux.rs::syscall_nr. aarch64 syscall numbers are
defined in <asm-generic/unistd.h> and are stable; ~70 entries match the
current x86_64 allowlist.

Acceptance criteria

• #[cfg(target_arch = "aarch64")] fn syscall_nr(name: &str) -> Option<i64>
  covers every syscall referenced by build_strict_filter and
  build_permissive_filter
• apply_linux no longer returns SandboxError::Unsupported on aarch64
• CI matrix adds ubuntu-latest aarch64 (via QEMU or a GitHub-hosted
  ARM runner) and runs the end-to-end smoke test
• DESIGN.md "Known limitations (v0.1)" entry for aarch64 removed

Stretch

Consider generating the table via libseccomp or a build.rs that parses
<asm/unistd.h> on the build host, eliminating the hand-maintained list.

Priority

Medium. Most hosted CI is still x86_64, but Apple Silicon + AWS Graviton
make aarch64 the second-most-common Linux architecture for agent workloads.

Release target

v0.1.1.