feat: add sandboxing for activation scripts

[mrswastik-robot]

This PR tries to add the sandbox functionality to the activation process, enhancing the by restricting what activation scripts can access on the filesystem.

I don't know whether it's the right approach or not, would need suggestions from the team here, but I have used a dual-approach here - a Production Mode for which is the implementation part is given below, and a Test Mode which bypasses the sandbox for testing in CI environments.

Implementation Details:

• Production Mode: Uses rattler_sandbox to create a secure sandbox environment with defined exceptions.
• Test Mode: Bypasses the sandbox for testing in CI environments.
• Created a run_in_sandbox function that:
  • Takes a command and optional environment variables.
  • Restricts filesystem access to specific paths (/bin, /usr/bin, /lib, etc.) .
  • Allows read/write access only to the temp directory and executable.
• Added platform detection via is_sandbox_supported() (Linux and macOS on x86_64/aarch64).
• Modified Activator::run_activation to use the sandbox when sandbox_mode is enabled.
• Added a constructor function in lib.rs using the ctor crate that calls rattler_sandbox::init_sandbox() when the crate is loaded in test mode.

I know the code and may be the approach is far from perfection so would love to get the feedback from the team and I will be more than happy to make the requested code changes!