sandbox: macOS backend via sandbox_init / SBPL

[tomjwxf]

Context

v0.1 stubs macOS: users get `--allow-unsandboxed` mode (Cedar + receipts only,
no OS isolation). This is fine for development but means macOS has no parity
with Linux for the sandbox layer.

What's needed

Translate `Profile` into an SBPL (Sandbox Profile Language) string and invoke
`sandbox_init(3)` from Rust via a small FFI shim.

SBPL is Apple-private and undocumented; workable references:

• https://boredzo.org/sandbox/sbpl.html (Peter Hosey's writeup)
• `/System/Library/Sandbox/Profiles/` on any macOS install
• `sandbox-exec`(1) tests empirically for rule-match behaviour

Acceptance criteria

• `crates/sb-sandbox/src/macos.rs` implemented
• `apply()` on macOS calls the new backend
• Integration test on a macOS CI runner: read-only + write-to-tmp + no-network
• DESIGN.md "Platform support" updated

Release target

v0.2.