feat(agent-sec-core): add bundled loongshield build flow

[chenzongyao200127]

Description

This PR adds a bundled loongshield build flow to agent-sec-core and updates the build/docs flow around it.

agent-sec-core now exposes a single make build-all entrypoint that always builds linux-sandbox and attempts to build the bundled third_party/loongshield submodule when the host environment is supported. If the host does not pass loongshield's env-check, the loongshield build is skipped and agent-sec-core still builds successfully.

Changes

• add loongshield as a git submodule under src/agent-sec-core/third_party/loongshield
• add make loongshield and make build-all targets in agent-sec-core
• update make install to install bundled loongshield when the host supports building it
• keep build/install behavior non-blocking on unsupported hosts by checking loongshield build prerequisites first
• update the top-level scripts/build-all.sh flow to initialize the submodule and use make build-all
• update root and component docs to use the new build/install commands and describe submodule initialization

Why

Before this change, agent-sec-core only documented/builds linux-sandbox directly. This PR makes the bundled hardening dependency part of the standard build flow while preserving compatibility
on hosts that cannot build loongshield.

Testing

• ran make -n build-all in src/agent-sec-core to verify the new build flow and fallback behavior
• reviewed updated documentation and top-level build script references for consistency

Related Issue

#106

Type of Change

• Bug fix (non-breaking change that fixes an issue)
• New feature (non-breaking change that adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update
• Refactoring (no functional change)
• Performance improvement
• CI/CD or build changes

Scope

• cosh (copilot-shell)
• sec-core (agent-sec-core)
• skill (os-skills)
• sight (agentsight)
• Multiple / Project-wide

Checklist

• I have read the Contributing Guide
• My code follows the project's code style
• I have added tests that prove my fix is effective or that my feature works
• I have updated the documentation accordingly
• For cosh: Lint passes, type check passes, and tests pass
• For sec-core (Rust): cargo clippy -- -D warnings and cargo fmt --check pass
• For sec-core (Python): Ruff format and pytest pass
• For skill: Skill directory structure is valid and shell scripts pass syntax check
• For sight: cargo clippy -- -D warnings and cargo fmt --check pass
• Lock files are up to date (package-lock.json / Cargo.lock)

Testing

Additional Notes

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[chenzongyao200127]

@kid9 @edonyzpc @casparant Please Take A Look in your spare time:)

[chenzongyao200127]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.You have signed the CLA already but the status is still pending? Let us recheck it.

recheck