#411 CRITICAL: Sandbox all user Python code execution
Description
Security flaw: tools.python.run gives tenant code raw DB access via ctx.db_connection. In a multi-tenant cloud, a malicious tenant can: (1) Read other tenants' data, (2) Modify system tables, (3) Access secrets. Solution: Run ALL user code in a Docker sandbox with DurableContext exposed via a secure RPC API.
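A sketch of the host side of such an RPC API, added here as an example and not taken from the project's code. The page does not show DurableContext's real interface, so `TenantBroker`, the `kv_get`/`kv_put` methods and the `kv` table are hypothetical, and the Docker transport is left out: `handle()` takes the raw JSON message the sandbox would send.

```python
import json
import sqlite3

# Hypothetical allowlist: the only operations sandboxed tenant code may request.
ALLOWED = {"kv_get", "kv_put"}


class TenantBroker:
    """Host-side RPC endpoint. The sandbox sends JSON; it never gets a DB handle."""

    def __init__(self, db, tenant_id):
        self._db = db
        self._tenant = tenant_id  # bound from the authenticated session, not the request

    def handle(self, raw):
        try:
            req = json.loads(raw)
            method, params = req["method"], req.get("params", {})
        except (ValueError, KeyError, TypeError, AttributeError):
            return {"error": "bad_request"}
        if not isinstance(method, str) or method not in ALLOWED:
            return {"error": "method_not_allowed"}
        if not isinstance(params, dict):
            return {"error": "bad_params"}
        params.pop("tenant_id", None)  # a tenant id claimed by the caller is ignored
        try:
            return {"result": getattr(self, "_" + method)(**params)}
        except (TypeError, sqlite3.Error):
            return {"error": "bad_params"}

    def _kv_get(self, key):
        row = self._db.execute(
            "SELECT value FROM kv WHERE tenant_id = ? AND key = ?",
            (self._tenant, key)).fetchone()
        return row[0] if row else None

    def _kv_put(self, key, value):
        self._db.execute("INSERT OR REPLACE INTO kv VALUES (?, ?, ?)",
                         (self._tenant, key, value))
        return True


def make_demo_db():
    """Constructed sample data: two tenants sharing one table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE kv (tenant_id TEXT, key TEXT, value TEXT,"
               " PRIMARY KEY (tenant_id, key))")
    db.executemany("INSERT INTO kv VALUES (?, ?, ?)",
                   [("tenant-a", "secret", "alpha"), ("tenant-b", "secret", "bravo")])
    return db
```

Every query is parameterized and filtered by the tenant id held on the host, so the request body cannot widen its own scope.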