feat(sandboxes): add exe.dev isolated sandbox provider #644

Open: mhenry wants to merge 2 commits into mattpocock:main from mhenry:main

mhenry commented May 14, 2026

What this adds

Adds @ai-hero/sandcastle/sandboxes/exe-dev, an isolated sandbox provider that provisions fresh exe.dev
microVMs for each run.

How it works

  • create() calls ssh exe.dev new --json -no-email to provision a VM, polls until SSH is reachable, then `mkdir -p`s the
    workspace directory. close() calls ssh exe.dev rm <name>.
  • The same SSH key authenticates both the exe.dev CLI and VM access (ssh <vm>.exe.xyz) — no API key, no bearer token, no env
    var.
  • By default the provider looks for ~/.ssh/id_exe (exe.dev's recommended key location) and uses it automatically if found.
    If absent it falls back to the SSH agent / ~/.ssh/id_* defaults.
  • When a key file is in use, ssh/scp are called with -i <path> -o IdentitiesOnly=yes and SSH_AUTH_SOCK is stripped
    from the child env so the SSH agent is bypassed entirely.
  • exec() uses ssh with stdin piped to the child (avoids the 128 KB arg limit). stdout is streamed line-by-line so
    Sandcastle's idle timeout and live feedback work.
  • copyIn uses scp -r; copyFileOut uses scp.
  • Quota errors from exe.dev arrive as JSON in stderr ({"error": "…"}); parseControlResponse extracts the message cleanly.

Testing

  • 8 factory-shape unit tests (matching the style of vercel.test.ts)
  • Smoke-tested against a real exe.dev VM: exec, onLine streaming, cwd override, exit-code propagation, stdin piping,
    copyIn/copyFileOut roundtrip, and tag verification — all passing

Notes

  • No new dependencies — uses only Node built-ins (child_process, fs/promises, os, path)
  • ssh and scp must be on PATH
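
The key-pinning and quota-error handling described in the PR description above, as an added TypeScript example. It is not code from the pull request: buildSshInvocation, parseControlError (a hypothetical stand-in for the PR's parseControlResponse), the Env type and all sample values are assumptions.

```typescript
// Added illustration; all names here are hypothetical, not the PR's code.
type Env = Record<string, string | undefined>;

// Build argv and child env for one ssh call. keyFile is the private key found
// on disk (e.g. ~/.ssh/id_exe), or undefined when none exists.
function buildSshInvocation(
  host: string, remote: string[], keyFile: string | undefined, parentEnv: Env,
): { args: string[]; env: Env } {
  const env: Env = { ...parentEnv }; // copy, never mutate the parent's env
  const args: string[] = [];
  if (keyFile !== undefined) {
    // Offer only this key, not agent-held or default identities.
    args.push("-i", keyFile, "-o", "IdentitiesOnly=yes");
    // Without the socket the child cannot reach the agent at all.
    delete env["SSH_AUTH_SOCK"];
  }
  // No key file: env is left intact so agent / ~/.ssh/id_* defaults apply.
  args.push(host, ...remote);
  return { args, env };
}

// Return the message from a {"error": "..."} line in stderr, else undefined.
function parseControlError(stderr: string): string | undefined {
  for (const line of stderr.split(/\r?\n/)) {
    const trimmed = line.trim();
    if (!trimmed.startsWith("{")) continue; // skip banners and warnings
    try {
      const parsed: unknown = JSON.parse(trimmed);
      if (typeof parsed === "object" && parsed !== null) {
        const message = (parsed as { error?: unknown }).error;
        if (typeof message === "string") return message;
      }
    } catch {
      // Not valid JSON; keep scanning.
    }
  }
  return undefined;
}

// Constructed sample inputs.
const sampleEnv: Env = { PATH: "/usr/bin", SSH_AUTH_SOCK: "/tmp/agent.sock" };
const pinned = buildSshInvocation("exe.dev", ["new", "--json"], "/home/u/.ssh/id_exe", sampleEnv);
const fallback = buildSshInvocation("exe.dev", ["new", "--json"], undefined, sampleEnv);
const quotaMessage = parseControlError('Warning: constructed banner\n{"error": "quota exceeded"}\n');
```

Stripping SSH_AUTH_SOCK matters in addition to IdentitiesOnly=yes because it also keeps a forwarded or shared agent out of reach of anything the child process spawns.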


vercel Bot commented May 14, 2026

@mhenry is attempting to deploy a commit to the Matt Pocock's projects Team on Vercel.

A member of the Team first needs to authorize it.
