fix(sandbox): complete copilot network policy from official allowlist

Adds missing endpoints from GitHub's official Copilot allowlist reference:
- api.individual.githubcopilot.com (Pro/Pro+ plan routing)
- api.business.githubcopilot.com (Business plan routing)
- copilot-proxy.githubusercontent.com (model proxy)
- copilot-telemetry.githubusercontent.com (telemetry)
- default.exp-tas.com (feature flags/experimentation)
- origin-tracker.githubusercontent.com (API service)

Removes gh binaries since copilot is a standalone binary, not gh copilot.

Source: https://docs.github.com/en/copilot/reference/copilot-allowlist-reference

Author: htekdev

crates/openshell-sandbox/testdata/sandbox-policy.yaml

@@ -63,15 +63,19 @@ network_policies:
       - { host: github.com, port: 443 }
       - { host: api.github.com, port: 443 }
       - { host: api.githubcopilot.com, port: 443 }
+      - { host: api.individual.githubcopilot.com, port: 443 }
+      - { host: api.business.githubcopilot.com, port: 443 }
       - { host: api.enterprise.githubcopilot.com, port: 443 }
+      - { host: copilot-proxy.githubusercontent.com, port: 443 }
+      - { host: copilot-telemetry.githubusercontent.com, port: 443 }
+      - { host: default.exp-tas.com, port: 443 }
+      - { host: origin-tracker.githubusercontent.com, port: 443 }
       - { host: release-assets.githubusercontent.com, port: 443 }
     binaries:
       - { path: "/usr/lib/node_modules/@github/copilot/node_modules/@github/**/copilot" }
       - { path: /usr/local/bin/copilot }
       - { path: "/home/*/.local/bin/copilot" }
       - { path: /usr/bin/node }
-      - { path: /usr/bin/gh }
-      - { path: /usr/local/bin/gh }
 
   gitlab:
     name: gitlab