Stop overriding the sandbox hostname

Setting --hostname sandbox inside the UTS namespace was purely cosmetic
(a label for interactive shells) and provided no isolation beyond what
--unshare-uts already gives. It also caused codex to hang for ~5s on
startup: glibc resolved the unknown "sandbox" name via systemd-resolved
and waited through two DNS retry timeouts before giving up.

Dropping the override lets the sandbox inherit the host's hostname,
which already resolves locally, eliminating the stall.

src/cli.rs

@@ -18,7 +18,7 @@ pub struct Args {
     #[arg(long)]
     pub whitelist: bool,
 
-    /// Harden: unshare IPC, PID, UTS namespaces and set hostname to "sandbox" (implied by --whitelist)
+    /// Harden: unshare IPC, PID, UTS namespaces (implied by --whitelist)
     #[arg(long, overrides_with = "no_hardened")]
     pub hardened: bool,
 

src/sandbox.rs

@@ -13,7 +13,6 @@ pub fn build_command(config: &SandboxConfig) -> Result<Command, SandboxError> {
 
     if hardened {
         cmd.args(["--unshare-ipc", "--unshare-pid", "--unshare-uts"]);
-        cmd.args(["--hostname", "sandbox"]);
     }
     if config.unshare_net {
         cmd.arg("--unshare-net");