Adversarial tests: implement all 8 ignored test scenarios

[jeremymanning]

Description

8 adversarial tests exist as #[ignore] stubs with unimplemented!() macros in tests/adversarial/:

1. test_flood_resilience.rs: malformed_peer_flood (T140) — needs gossip transport test injection
2. test_flood_resilience.rs: job_submit_flood_rate_limited — rate limiting under flood
3. test_sandbox_escape.rs: sandbox_escape_via_ptrace (T137) — needs sandbox runtime integration
4. test_sandbox_escape.rs: sandbox_escape_via_container_runtime — container escape attempt
5. test_network_isolation.rs: network_escape_via_host_bridge (T138) — needs network namespace plumbing
6. test_network_isolation.rs: network_escape_via_dns_intercept — DNS interception attempt
7. test_byzantine_donor.rs: byzantine_data_corruption (T139) — needs multi-node test harness
8. test_byzantine_donor.rs: byzantine_quorum_bypass — quorum manipulation attempt

Requirements

• Each test must actually exercise the attack scenario, not just assert
• Tests require real sandbox runtimes (Firecracker/WASM), real network namespaces, real gossip transport
• Multi-node tests need a test harness that spawns multiple agent instances
• Tests must verify the attack is detected AND contained (not just blocked)

Success Criteria

• All 8 tests are implemented (no unimplemented!() macros, no #[ignore])
• Sandbox escape tests run inside real VM boundary
• Network isolation tests use real network namespaces
• Byzantine tests run multi-node scenarios
• Flood resilience tests inject real gossip traffic
• All tests pass on CI (Linux with KVM for Firecracker tests)

Testing (Principle V)

• Run on real hardware with KVM support
• Sandbox escape: attempt ptrace from inside Firecracker VM → must fail
• Network isolation: attempt to reach host bridge → must fail
• Byzantine: inject wrong result → must be detected within 100 audited tasks
• Flood: send malformed gossip for 60s → cluster remains operational

[jeremymanning]

Addressed in spec 004-full-implementation (PR #59). Implementation verified in code; 802 tests passing across Linux/macOS/Windows. See #57 master plan for full context.