#694 APP-01: No resource limits on app child processes

Location: executor.py:462. Issue: multiprocessing.Process spawned without CPU/memory/file descriptor limits. Malicious or buggy app can fork bomb, consume all memory, or open unlimited handles. Fix: Use resource.setrlimit before exec or migrate apps to Docker sandbox (sandbox.py exists).