#678 Security: Isolate Python DSL compilation in sandboxed container

closed critical Created 2025-12-24 22:51 · Updated 2025-12-24 23:26

Description

CRITICAL SECURITY ISSUE: Python DSL code currently executes on API server with full access to database, secrets, and network. A malicious user could submit DSL that:

- Accesses database and exfiltrates/deletes data
- Reads environment variables and secrets
- Makes outbound network requests

SOLUTION: Dedicated DSL compiler microservice running in isolation:

- Only highway_dsl + pydantic installed
- No outbound network
- No secrets/env vars
- Read-only filesystem
- Memory/CPU/time limits

SCOPE: Only applies when customer submits python_dsl WITHOUT json. When json is present, no conversion needed.
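One way the isolation controls and the scope rule listed above could be wired together, as an added example that is not code from this project. The image name, the stdin/stdout contract of the compiler entrypoint, and the limit values (256m, 0.5 CPU, 64 PIDs, 10 s) are assumptions chosen for illustration.

```python
import subprocess
import uuid

# Hypothetical image: assumed to hold only highway_dsl + pydantic, with an
# entrypoint that reads DSL source on stdin and prints workflow JSON on stdout.
IMAGE = "dsl-compiler:placeholder"


def needs_compile(payload: dict) -> bool:
    """Scope rule from the issue: python_dsl submitted WITHOUT json."""
    return bool(payload.get("python_dsl")) and not payload.get("json")


def sandbox_argv(name: str, image: str = IMAGE) -> list:
    """docker run argv; no -e/--env-file/-v, so no host env or paths enter."""
    return [
        "docker", "run", "--rm", "-i", "--name", name,
        "--network", "none",                  # no outbound network
        "--read-only",                        # read-only root filesystem
        "--tmpfs", "/tmp:rw,noexec,nosuid,size=16m",
        "--memory", "256m", "--memory-swap", "256m",  # hard memory cap, no swap
        "--cpus", "0.5", "--pids-limit", "64",
        "--cap-drop", "ALL", "--security-opt", "no-new-privileges",
        "--user", "65534:65534",              # unprivileged uid/gid
        image,
    ]


def compile_dsl(payload: dict, timeout_s: int = 10) -> str:
    """Return workflow JSON, compiling in the sandbox only when in scope."""
    if not needs_compile(payload):
        if payload.get("json"):
            return payload["json"]            # json present: no conversion
        raise ValueError("payload has neither json nor python_dsl")
    name = "dslc-" + uuid.uuid4().hex
    try:
        proc = subprocess.run(sandbox_argv(name), input=payload["python_dsl"],
                              capture_output=True, text=True, timeout=timeout_s)
    except subprocess.TimeoutExpired:
        # Killing the docker client does not stop the container; kill it by name.
        subprocess.run(["docker", "kill", name], capture_output=True)
        raise
    if proc.returncode != 0:
        raise RuntimeError("DSL compile failed: " + proc.stderr[-500:])
    return proc.stdout
```

The returned JSON is still untrusted output of untrusted code, so the API server should validate it against the workflow schema before storing or executing it.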
