#21665: fix(sandbox): add /home and /Users to bind-mount denylist
agents
size: XS
Cluster: Sandbox Path Management Fixes
## Summary
- Add `/home` and `/Users` to the `BLOCKED_HOST_PATHS` array in `validate-sandbox-security.ts` so that user home directories containing SSH keys and cloud credentials cannot be bind-mounted into sandbox containers.
- Update the error message to suggest `/srv` or `/opt` paths instead of `/home` paths.
- Update existing tests that expected `/home` mounts to succeed, and add new test cases verifying that `/home` and `/Users` mounts are blocked.
## Test plan
- [x] Existing test suite passes (21 tests)
- [x] New tests verify `/home` and `/Users` bind mounts are rejected with correct error messages
- [x] Formatter and linter pass with no warnings
### Greptile Summary
Added `/home` and `/Users` to the bind-mount denylist to prevent SSH keys and cloud credentials from being exposed in sandbox containers. Updated error messages to suggest `/srv` or `/opt` paths instead of `/home`. Test suite updated to verify the new blocks work correctly.
**Critical Issue**: Multiple documentation files contain examples using `/home/user/*` paths that will now be rejected by this security change:
- `docs/gateway/sandboxing.md` (lines 70, 87)
- `docs/help/faq.md` (line 1197)
- `docs/gateway/configuration-reference.md` (line 896)
- `docs/channels/groups.md` (line 108)
- `docs/install/docker.md` (lines 125, 156)
These docs need updating to use `/srv` or `/opt` examples instead, or users following the documentation will encounter validation errors.
### Confidence Score: 3/5
- Safe implementation but incomplete - documentation updates are missing
- The code changes are well-implemented with proper tests and clear security benefits. However, the PR introduces a breaking change that invalidates examples in at least 8 documentation files across the repository. Users following current docs will encounter validation errors. Score would be 5 if documentation was updated to match the new path restrictions.
- Documentation files outside this PR need updating to replace `/home/*` examples with `/srv/*` or `/opt/*` paths
<sub>Last reviewed commit: 77d2e92</sub>
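A sketch of the kind of denylist check the summary describes, as an added example that is not the project's code. The function names `normalizeHostPath` and `blockedReason` are hypothetical, and the `/etc` and `/root` entries are assumed for illustration (only `/home` and `/Users` come from this PR).

```typescript
// Added illustration, not the project's validate-sandbox-security.ts.
// /home and /Users come from the PR; /etc and /root are assumed entries.
const BLOCKED_HOST_PATHS: readonly string[] = ["/etc", "/root", "/home", "/Users"];

// Lexically collapse ".", ".." and repeated slashes (no filesystem access).
function normalizeHostPath(p: string): string {
  const out: string[] = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  return "/" + out.join("/");
}

// Returns an error message if the bind's host side is denied, else null.
// A bind spec is "source:target[:options]"; only the source is a host path.
function blockedReason(bind: string): string | null {
  const [source = ""] = bind.split(":");
  // Assumption for this sketch: fail closed on anything that is not absolute.
  if (!source.startsWith("/")) {
    return `bind source "${source}" must be an absolute host path`;
  }
  const normalized = normalizeHostPath(source);
  // Mounting the root would expose every blocked directory at once.
  if (normalized === "/") {
    return `bind source "${source}" covers all blocked paths`;
  }
  for (const blocked of BLOCKED_HOST_PATHS) {
    // Match on a path-segment boundary: /home/alice is denied, /homework is not.
    if (normalized === blocked || normalized.startsWith(blocked + "/")) {
      return `bind source "${source}" is under blocked path "${blocked}"; use a path under /srv or /opt`;
    }
  }
  return null;
}
```

The comparison here is lexical and case-sensitive, so a validator relying on it alone would also need to resolve symlinks and account for case-insensitive filesystems before checking the denylist.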
Most Similar PRs
#16509: Fix sandbox path validation rejecting Docker bind mount paths
by Clawborn · 2026-02-14
84.2%
#3907: fix(sandbox): use absolute /bin/sh path + add allowedReadPaths config
by pvoo · 2026-01-29
79.8%
#8186: fix(sandbox): validate setupCommand to prevent shell injection
by yubrew · 2026-02-03
79.7%
#11820: fix(sandbox): remap container paths in sandboxed file tools
by steflsd · 2026-02-08
79.4%
#17402: fix:sandbox path issue
by luckylhb90 · 2026-02-15
79.2%
#16922: fix: remove incorrect sandbox file tool guidance
by carrotRakko · 2026-02-15
77.9%
#16929: fix(security): block access to sensitive directories from within sa...
by CornBrother0x · 2026-02-15
77.7%
#8161: fix(sandbox): block dangerous environment variables from Docker con...
by yubrew · 2026-02-03
77.1%
#17944: fix(security): fail-closed for local media paths without sandboxRoot
by Operative-001 · 2026-02-16
77.1%
#4226: Fix/sandbox containerworkdir rw access
by ozgur-polat · 2026-01-29
76.6%