docs(runtime-bwrap): list poppler-utils as a required host package

The claude-agent-sdk engine's Read tool shells out to pdftoppm (from
poppler-utils) for every PDF read — without it, "pdftoppm is not
installed" fails the agent. Because we already bind /usr read-only
into every sandbox, one apt install on the host makes pdftoppm visible
in every current and future bwrap session.

Surfaced live: a 3.7MB arxiv PDF uploaded via the attachments field
arrived in the workdir byte-perfect but the agent couldn't render it
until poppler-utils was installed on the EC2 host. After the install
no code/restart was needed — the existing /usr read-only bind picks
up the new binary automatically.

Also expanded the host setup to document the same pattern for any
other host CLI tools agents may need (unzip, jq, ffmpeg, sqlite3, ...)
— install on host, available to all sandboxes for free.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Author: kapaleshreyas

packages/runtime-bwrap/README.md

@@ -51,7 +51,11 @@ Inside the sandbox the agent sees:
 ```bash
 # Debian/Ubuntu
 sudo apt-get update
-sudo apt-get install -y bubblewrap unzip curl ca-certificates
+sudo apt-get install -y \
+  bubblewrap                  `# the sandbox itself` \
+  unzip curl ca-certificates  `# build/install prereqs` \
+  poppler-utils               `# PDF rendering — Claude Code's Read tool shells out to pdftoppm` \
+  git                         `# for git-source GAP repos`
 
 # Node 22 (NodeSource)
 curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
@@ -63,12 +67,29 @@ curl -fsSL https://bun.sh/install | bash
 echo 'export PATH="$HOME/.bun/bin:$PATH"' >> ~/.bashrc
 
 # Verify
-bwrap --version    # >= 0.11
-node --version     # >= 22
-pnpm --version     # 9.x
+bwrap --version       # >= 0.11
+node --version        # >= 22
+pnpm --version        # 9.x
 ~/.bun/bin/bun --version
+pdftoppm -v 2>&1 | head -1   # >= 23.x (any recent poppler is fine)
 ```
 
+### Why poppler-utils?
+
+The `claude-agent-sdk` engine spawns the Claude Code CLI binary inside the
+bwrap sandbox. Claude Code's `Read` tool, when given a `.pdf` file path,
+calls `pdftoppm` from `poppler-utils` to rasterize each page to a PNG, then
+ships those PNGs to the Anthropic API as image content blocks. **Without
+`pdftoppm` on PATH, every PDF read fails with "pdftoppm is not installed".**
+
+Because we bind `/usr` read-only into every sandbox (see `bwrap-args.ts`),
+installing `poppler-utils` once on the host makes it visible to every
+current and future bwrap session — no per-session staging needed.
+
+The same applies to any other host-side CLI tool an agent might need at
+runtime (`unzip`, `jq`, `ffmpeg`, `sqlite3`, etc.). Install on the host,
+they show up in `/usr/bin` inside the sandbox automatically.
+
 ### Get the code
 
 The simplest path is a tarball of committed files (no node_modules, no