feat: add WebSocket TCP port forwarding for sandbox containers

[Timandes]

Complete GH Issue #520 :

• Add /sandboxes/{id}/portforward WebSocket endpoint in proxy layer
• Add /portforward WebSocket endpoint in rocklet for internal TCP proxy
• Support port range 1024-65535, excluding port 22 (SSH)
• Implement two-layer architecture: external proxy -> rocklet -> TCP port
• Add comprehensive logging with target_port in all messages
• Handle both FastAPI WebSocket and websockets library APIs

---

实现方式相比Issue #520 做了一点调整：

通过rocklet转发TCP over WebSocket；外层代理层仅负责处理WebSocket转发。

---

启动沙箱的脚本可以参考：

import asyncio

from rock.actions import CreateBashSessionRequest
from rock.sdk.sandbox.client import Sandbox
from rock.sdk.sandbox.config import SandboxConfig


async def run_sandbox():
    config = SandboxConfig(image="python:3.11", memory="2g", cpus=2.0)
    sandbox = Sandbox(config)

    await sandbox.start()
    await sandbox.create_session(CreateBashSessionRequest(session="bash-1"))
    result = await sandbox.arun(cmd="python3 -m http.server 9999 &", session="bash-1")


if __name__ == "__main__":
    asyncio.run(run_sandbox())

---

测试程序可以使用：

https://github.com/Timandes/ROCK-TCP-to-WS-Forwarder