[SECURITY] Fix no-new-privileges security option to true

## Summary

This issue was identified by an automated security audit run by Claude.

## Severity: CRITICAL (P0)

## Description

The sandbox containers are configured with `no-new-privileges=false`, which allows processes to gain additional privileges via setuid binaries and other mechanisms. This setting should be `true` to prevent privilege escalation.

**Location:** `backend/app/services/sandbox_providers/docker_provider.py` (lines 119-120)

```python
privileged=True,
security_opt=["no-new-privileges=false"],
```

## Attack Scenario

With `no-new-privileges=false`:

```bash
# Setuid binaries can escalate privileges
# If there's a vulnerable setuid binary:
./vulnerable_setuid_binary  # Can now get root
```

## Remediation

Change `no-new-privileges=false` to `no-new-privileges=true`:

```python
security_opt=["no-new-privileges=true"],  # Changed from false to true
```

## Risk if Unfixed

Privilege escalation within the container, potentially leading to container escape when combined with other vulnerabilities.

---
🤖 This issue was identified by an automated security audit run by Claude.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[SECURITY] Fix no-new-privileges security option to true #132

Summary

Severity: CRITICAL (P0)

Description

Attack Scenario

Remediation

Risk if Unfixed

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

[SECURITY] Fix no-new-privileges security option to true #132

Description

Summary

Severity: CRITICAL (P0)

Description

Attack Scenario

Remediation

Risk if Unfixed

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions