fix: #3273 validate git repo subpaths

[Aphroq]

Summary

• Add validation for GitRepo.subpath before copying from the cloned repository.
• Reject empty, absolute, Windows-style, and parent traversal subpaths with a structured GitSubpathError.
• Add regression tests covering invalid subpaths and a valid relative subpath.

Test plan

• uv run pytest tests/sandbox/test_entries.py -k "git_repo"
• bash .agents/skills/code-change-verification/scripts/run.sh

Issue number

Closes #3273

Checks

• I've added new tests (if relevant)
• I've added/updated the relevant documentation
• I've run make lint and make format
• I've made sure tests pass

[seratch]

The intent of validating git_repo.subpath makes sense, but this currently validates too late.

With an invalid value like subpath="../outside", the code still performs the git clone first and only raises GitSubpathError afterward. Since this is a local configuration error and can be detected without touching the network or filesystem-heavy clone path, we should fail fast before cloning.

Could we move the subpath validation ahead of the clone step so invalid config is rejected before any repository fetch work starts?

Also, the CI is failing now.

[Aphroq]

Thanks for the review. I moved the subpath validation ahead of the git availability check and clone/fetch path, so invalid local configuration now raises GitSubpathError before any sandbox command is executed.

I also tightened the invalid-subpath regression test to assert that no session exec calls are made, and fixed CI.