#751 Unified IPC + chroot isolation for apps and Python run tool

closed high Created 2025-12-31 20:09 · Updated 2026-01-02 06:26

Description

Implement unified isolation for app system and Python run tool using IPC (multiprocessing + Pipe) with chroot for filesystem isolation.

## Completed:
- Added chroot isolation to app_runner.py
- Pre-import all ALLOWED_IMPORTS before chroot
- Sandbox directory: /tmp/highway_{workflow_run_id}/
- Added CAP_SYS_CHROOT to worker containers in docker-compose.yml
- Cleanup sandbox after execution
- Tested: /etc/passwd not accessible after chroot

## Remaining:
- Phase 2: Create unified isolation executor
- Phase 3: Modify Python run tool to use IPC+chroot
- Phase 4: Refactor app executor to use shared infrastructure
- Phase 5: Delete Docker sandbox code

## Files Modified:
- engine/apps/app_runner.py
- engine/apps/executor.py
- docker-compose.yml

## Security:
- Apps cannot read /vault/secrets/, /etc/, or any system path
- IPC pipe opened before chroot remains valid
- All ctx operations go through IPC to parent process
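A minimal sketch of the pattern this ticket describes (pre-import, chroot, then ctx access over a pipe opened beforehand), added here as an illustration and not taken from app_runner.py. The names `run_isolated` and `_sandboxed_app`, the message format, and the contents of `ALLOWED_IMPORTS` are assumptions; the child reports whether chroot actually succeeded so a missing CAP_SYS_CHROOT is visible to the caller.

```python
import multiprocessing as mp
import os
import shutil

ALLOWED_IMPORTS = ("json", "math")  # assumption: stand-in for the project's allow-list

def _sandboxed_app(conn, sandbox):
    # Pre-import while the real filesystem is still visible; after chroot the
    # interpreter can no longer load modules from the standard library paths.
    mods = {name: __import__(name) for name in ALLOWED_IMPORTS}
    try:
        os.chroot(sandbox)  # requires CAP_SYS_CHROOT
        os.chdir("/")       # otherwise the cwd still refers to the old tree
        chrooted = True
    except PermissionError:
        chrooted = False    # capability missing: report it, do not hide it
    # The pipe descriptor was inherited before chroot, so it is still usable.
    conn.send({"op": "ctx.get", "key": "greeting"})
    value = conn.recv()
    conn.send({"op": "result", "chrooted": chrooted,
               "passwd_visible": os.path.exists("/etc/passwd"),
               "output": mods["json"].dumps({"got": value})})
    conn.close()

def run_isolated(workflow_run_id, ctx):
    sandbox = f"/tmp/highway_{workflow_run_id}"
    os.mkdir(sandbox, 0o700)  # fail if the path already exists
    fork = mp.get_context("fork")  # POSIX only, like chroot itself
    parent_conn, child_conn = fork.Pipe()
    proc = fork.Process(target=_sandboxed_app, args=(child_conn, sandbox))
    try:
        proc.start()
        child_conn.close()  # parent keeps only its own end
        while True:
            msg = parent_conn.recv()  # EOFError if the child dies early
            if msg["op"] == "ctx.get":
                parent_conn.send(ctx.get(msg["key"]))  # parent holds the real ctx
            elif msg["op"] == "result":
                return msg
    finally:
        if proc.pid is not None:
            proc.join(timeout=5)
        shutil.rmtree(sandbox, ignore_errors=True)  # cleanup after execution

if __name__ == "__main__":
    print(run_isolated("demo", {"greeting": "hello"}))
```

A caller should treat `chrooted: False` as a failed isolation rather than a successful run, since in that case the app code still sees the host filesystem.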
