
perf: reduce WSL runtime exec deny startup cost #98

Merged: jy-tan merged 2 commits into main from fix-97 on Apr 2, 2026

@jy-tan jy-tan commented Apr 1, 2026

Summary

Reduce WSL startup latency in runtime exec deny multicall detection by replacing exhaustive PATH scans with bounded relevant-alias probing, then narrowing that work further by filesystem device while still preserving cross-device symlink alias detection.

Changes

  • Precompute resolved runtime-deny targets and build a shared alias search once per invocation instead of rescanning PATH directories for each denied executable.
  • Replace exhaustive directory enumeration with targeted probing of denied executable names plus critical command aliases.
  • Bucket alias candidates by filesystem device so rootfs binaries on WSL avoid unnecessary probing on slow /mnt/* mounts, while still following cross-device symlink aliases when they resolve back to a relevant target device.
  • Keep the conservative security behavior: runtime exec deny still blocks by default and still emits actionable warnings when collateral critical aliases are detected.
  • Update runtime-exec diagnostics wording and docs to reflect detected relevant aliases rather than an exhaustive full-directory scan.
  • Add unit coverage for bounded alias probing, symlink alias detection, and device-bucket filtering.

Benchmarks

Hyperfine comparison on WSL for the two commits on this branch (30 runs):

  • first = 18cf2c1: bounded relevant-name probing, before device-aware bucketing
  • second = 1b3cf82: device-aware probing and cross-device symlink fallback

```
Benchmark 1: first
  Time (mean ± σ):      4.483 s ±  2.578 s    [User: 0.033 s, System: 0.141 s]
  Range (min … max):    1.104 s … 11.506 s    30 runs

Benchmark 2: second
  Time (mean ± σ):      1.535 s ±  0.679 s    [User: 0.024 s, System: 0.104 s]
  Range (min … max):    0.992 s …  3.504 s    30 runs

Summary
  second ran
    2.92 ± 2.12 times faster than first
```

We probably still need further optimizations on Linux/WSL, but this solves the hanging issue.

Additional Notes

This change intentionally favors bounded, policy-relevant alias detection over exhaustive alias discovery. In practice, that means diagnostics now report the relevant aliases we detect (for example critical commands and denied names), rather than every possible alias on the system. The tradeoff is that some non-critical aliases of the same binary may no longer appear in warnings, but the sandbox behavior remains conservative: the denied target is still blocked by default, and the critical shared-binary cases still trigger warnings and opt-out guidance.

A narrower WSL-specific workaround like skipping /mnt/* during scanning (similar to PR 96) may be less ideal because it special-cases one environment rather than fixing the underlying algorithm. It also changes behavior based on path prefix heuristics, whereas this change reduces the search space in a more general and principled way.
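
A sketch of the bounded, device-aware alias probing described in the PR summary above, added here as an illustration and not taken from the project's code. The `CRITICAL` name list, the function names, the constructed directory tree and the use of `(st_dev, st_ino)` as file identity are assumptions.

```python
import os
import stat
import tempfile

CRITICAL = ("sh", "ls", "cat")  # assumed critical command names, illustration only

def find_relevant_aliases(denied, path_dirs, names):
    """Map each denied path to PATH entries (limited to `names`) that are the same file."""
    targets = {}  # (st_dev, st_ino) of the resolved binary -> denied path
    for p in denied:
        st = os.stat(p)
        targets[(st.st_dev, st.st_ino)] = os.path.abspath(p)
    target_devs = {dev for dev, _ in targets}
    found = {p: [] for p in targets.values()}
    for d in path_dirs:
        for name in sorted(names):  # bounded: len(path_dirs) * len(names) probes, no listdir
            cand = os.path.abspath(os.path.join(d, name))
            try:
                st = os.lstat(cand)
                if stat.S_ISLNK(st.st_mode):
                    st = os.stat(cand)  # symlinks may cross devices, so always resolve
                elif st.st_dev not in target_devs:
                    continue  # hard links cannot cross devices: cannot be an alias
            except OSError:
                continue  # missing entry or dangling symlink
            hit = targets.get((st.st_dev, st.st_ino))
            if hit and cand != hit:
                found[hit].append(cand)
    return found

def demo():
    """Constructed tree: one multicall binary with hard-link and symlink aliases."""
    with tempfile.TemporaryDirectory() as root:
        root = os.path.realpath(root)
        a, b = os.path.join(root, "bin_a"), os.path.join(root, "bin_b")
        os.mkdir(a); os.mkdir(b)
        with open(os.path.join(a, "busybox"), "w") as f:
            f.write("multicall")
        os.link(os.path.join(a, "busybox"), os.path.join(a, "wget"))    # denied name
        os.link(os.path.join(a, "busybox"), os.path.join(a, "ls"))      # hard-link alias
        os.symlink(os.path.join(a, "busybox"), os.path.join(b, "cat"))  # symlink alias
        with open(os.path.join(b, "sh"), "w") as f:
            f.write("unrelated")                                        # same name, other file
        denied = os.path.join(a, "wget")
        hits = find_relevant_aliases([denied], [a, b], {"wget", *CRITICAL})[denied]
        return sorted(os.path.relpath(h, root) for h in hits)

if __name__ == "__main__":
    print(demo())
```

In the constructed tree, `bin_a/busybox` shares the denied inode but is not reported because its name is neither denied nor critical, which is the diagnostic tradeoff the description mentions.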


@cubic-dev-ai cubic-dev-ai bot left a comment


No issues found across 4 files

Collaborator

@dwt dwt left a comment


This does work fine for my use case (nix provided multi call binaries) and the code does look decent - I would say go ahead, it's definitely better than #96.

The sandbox still taking a second to boot seems a bit slow to me, but is probably bearable. Building a new sandbox per command in an agent shell probably feels sluggish already using this though.

I would say: better than right now, and we can optimize later?


jy-tan commented Apr 2, 2026

Yep will definitely need to optimize further, will do that in a later PR.

@jy-tan jy-tan merged commit 6e66d9d into main Apr 2, 2026
6 checks passed
@jy-tan jy-tan deleted the fix-97 branch April 2, 2026 06:48