
fix: update vulnerable sandbox dependencies #268

Merged
BeautyyuYanli merged 2 commits into main from issue-267-update-vulnerable-deps
Jun 3, 2026

@BeautyyuYanli BeautyyuYanli commented Jun 3, 2026

Contributor

Summary

  • Update golang.org/x/net to v0.53.0 and refresh related golang.org/x/* module versions.
  • Update the pinned Python requests package to 2.33.0 across Docker version configuration and templates.
  • Align the Docker test Go version with the Go version required by the updated modules.
  • Stabilize sandbox child processes under Go 1.25 by disabling unnecessary Go runtime housekeeping features before seccomp is installed and allowing low-risk runtime housekeeping syscalls.

Background / Rationale

The vulnerable golang.org/x/net version is fixed by v0.53.0, whose module metadata requires Go 1.25.0. After the Go toolchain was aligned with that requirement, CI started failing with signal: bad system call during basic Python and Node.js execution tests.

The failures were not caused by requests or x/net code paths directly. The sandbox loads Go c-shared libraries (python.so / nodejs.so) into Python and Node.js child processes to install seccomp. Once seccomp is active, any Go runtime background/housekeeping syscall that is not in the allowlist can terminate the process.

Go 1.25 enables or expands runtime behavior that can issue additional housekeeping syscalls, including:

  • mapping decoration via prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, ...);
  • container-aware GOMAXPROCS setup/update paths that can inspect CPU/container state;
  • runtime netpoll support that can use eventfd2.

This PR uses:

GODEBUG=decoratemappings=0,containermaxprocs=0,updatemaxprocs=0

only for the sandbox child process while loading the Go c-shared seccomp library. The prescripts remove GODEBUG before evaluating user code, so the user execution environment is not intentionally polluted.

This is preferred over simply allowing every syscall Go 1.25 may use. In particular, avoiding decoratemappings prevents the need to broadly allow prctl. The current seccomp helper only allows syscall-level rules, not argument-filtered rules, so allowing prctl would allow all prctl operations instead of only PR_SET_VMA. That is broader than necessary for the sandbox.

The allowlist changes are limited to low-risk runtime housekeeping syscalls:

  • eventfd2 for Go runtime netpoll support;
  • madvise for Go/Python memory-management paths;
  • sched_getaffinity for Go runtime CPU-affinity/container probing paths.

The Go runtime-related allowlist updates are applied consistently to both Python and Node.js sides because both runners load Go c-shared libraries and can be affected by the same Go runtime behavior. Language-specific syscall differences remain separate.

Related Issue

Closes #267

Test Plan

  • docker build --progress=plain -f docker/amd64-test.gen.dockerfile --build-arg TARGETARCH=amd64 -t dify-sandbox:test-ci-fix .
  • docker run --rm dify-sandbox:test-ci-fix python3 -c 'import requests; print("python-ok", requests.__version__)'
  • docker run --rm dify-sandbox:test-ci-fix node -e 'console.log("javascript-ok", process.version)'
  • GitHub Actions: Test (amd64) and Test (arm64) passed.

Note: direct local go test ./internal/core/runner/... ./internal/service/... fails outside Docker because the test initialization requires creating sandbox users.

This PR is drafted by gpt-5.4 and gpt-5.5. I'm responsible for all the changes. I have reviewed the code and verified the behavior, while breaks may still exist. Reach me to fix in this case.
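
The difference between a syscall-level rule and an argument-filtered rule for prctl, discussed in the description above, as an added example (not code from this PR or from dify-sandbox): it builds both forms of a classic-BPF seccomp filter and evaluates them with a small interpreter. The x86_64 syscall number and the names `check`, `prctlFilter` and `run` are assumptions made for illustration.

```go
package main

import "fmt"

// insn mirrors struct sock_filter (one classic BPF instruction).
type insn struct{ Code uint16; Jt, Jf uint8; K uint32 }

const (
	ldAbsW, jeqK, retK      = 0x20, 0x15, 0x06       // BPF_LD|W|ABS, BPF_JMP|JEQ|K, BPF_RET|K
	offNr, offArch, offArg0 = 0, 4, 16               // struct seccomp_data offsets (low word of args[0])
	archX8664, sysPrctl     = 0xc000003e, 157        // AUDIT_ARCH_X86_64; prctl on x86_64 (assumed arch)
	prSetVMA, prSetDumpable = 0x53564d41, 4          // PR_SET_VMA; an unrelated prctl option
	retAllow, retKill       = 0x7fff0000, 0x80000000 // SECCOMP_RET_ALLOW, SECCOMP_RET_KILL_PROCESS
)

// check emits: load the word at off; if it equals want, skip the kill; otherwise kill.
func check(off, want uint32) []insn {
	return []insn{{ldAbsW, 0, 0, off}, {jeqK, 1, 0, want}, {retK, 0, 0, retKill}}
}

// prctlFilter allows only prctl; with argFiltered it also requires args[0] == PR_SET_VMA.
func prctlFilter(argFiltered bool) []insn {
	p := append(check(offArch, archX8664), check(offNr, sysPrctl)...)
	if argFiltered { // a production filter would also compare the high word at offset 20
		p = append(p, check(offArg0, prSetVMA)...)
	}
	return append(p, insn{retK, 0, 0, retAllow})
}

// run interprets the three opcodes used above over a constructed seccomp_data view.
func run(p []insn, nr, arg0 uint32) uint32 {
	data := map[uint32]uint32{offArch: archX8664, offNr: nr, offArg0: arg0}
	for pc, a := 0, uint32(0); pc < len(p); pc++ {
		switch in := p[pc]; in.Code {
		case ldAbsW:
			a = data[in.K]
		case jeqK:
			if pc += int(in.Jf); a == in.K {
				pc += int(in.Jt) - int(in.Jf)
			}
		case retK:
			return in.K
		}
	}
	return retKill
}

func main() {
	fmt.Println(run(prctlFilter(false), sysPrctl, prSetDumpable) == retAllow, run(prctlFilter(true), sysPrctl, prSetDumpable) == retKill)
}
```

The syscall-level filter returns ALLOW for `PR_SET_DUMPABLE` as well as `PR_SET_VMA`, while the argument-filtered one allows only `PR_SET_VMA`.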

@BeautyyuYanli BeautyyuYanli merged commit 6936c3f into main Jun 3, 2026
2 checks passed
@BeautyyuYanli BeautyyuYanli deleted the issue-267-update-vulnerable-deps branch June 3, 2026 09:25
Development

Successfully merging this pull request may close these issues.

Fix vulnerable sandbox dependencies
