feat(toolbox): update toolbox-base scripts

- Update ToolboxStack/output/toolbox-base/Dockerfile with latest container configurations
- Update ToolboxStack/output/toolbox-base/build.sh with improved build process
- Update ToolboxStack/output/toolbox-base/run.sh with enhanced runtime configuration

These changes improve the base developer environment build and runtime capabilities.

ToolboxStack/output/toolbox-base/Dockerfile

@@ -108,7 +108,8 @@ COPY aqua.yaml /tmp/aqua.yaml
 RUN chown "${USER_ID}:${GROUP_ID}" /tmp/aqua.yaml \
     && su - "${USERNAME}" -c 'mkdir -p ~/.config/aquaproj-aqua' \
     && su - "${USERNAME}" -c 'cp /tmp/aqua.yaml ~/.config/aquaproj-aqua/aqua.yaml' \
-    && AQUA_GLOBAL_CONFIG=/tmp/aqua.yaml aqua install
+    && AQUA_GLOBAL_CONFIG=/tmp/aqua.yaml aqua install \
+    && su - "${USERNAME}" -c 'AQUA_GLOBAL_CONFIG=~/.config/aquaproj-aqua/aqua.yaml aqua install'
 
 # Install AI CLI tools via npm using mise to ensure Node.js is available
 RUN mise exec -- npm install -g @just-every/code@0.4.6 @qwen-code/qwen-code@0.1.1 @google/gemini-cli@0.11.0 @openai/codex@0.50.0 opencode-ai@0.15.29
@@ -122,6 +123,9 @@ RUN su - "${USERNAME}" -c 'mise exec -- npm install -g @just-every/code@0.4.6 @q
 RUN mkdir -p /workspace \
     && chown "${USER_ID}:${GROUP_ID}" /workspace
 
+# Remove sudo to ensure no root escalation is possible at runtime
+RUN apt-get remove -y sudo && apt-get autoremove -y && rm -rf /var/lib/apt/lists/*
+
 ENV SHELL=/usr/bin/zsh \
     AQUA_GLOBAL_CONFIG=/home/${USERNAME}/.config/aquaproj-aqua/aqua.yaml \
     PATH=/home/${USERNAME}/.local/share/aquaproj-aqua/bin:/home/${USERNAME}/.local/share/mise/shims:/home/${USERNAME}/.local/bin:${PATH}