
sandboxes: document branch-mode in-container clone and source-repo isolation #25007

Draft
ndeloof wants to merge 1 commit into docker:main from ndeloof:ndeloof/sandboxes-branch-clone-docs

Conversation

ndeloof (Contributor) commented May 8, 2026

Summary

Documents the branch-mode rework introduced in docker/sandboxes#2477, which replaces on-host Git worktrees with an in-container clone exposed over git-daemon, and surfaces the new source-repository isolation guarantee.

User-facing changes in usage.md:

  • Rewrites the Branch mode section to describe the in-container clone, the read-only source mount, and the sandbox-<name> Git remote that gets wired on the host.
  • Replaces the worktree-walking workflow (git worktree list, cd .sbx/...) with the simpler git fetch sandbox-<name> review flow.
  • Drops the now-obsolete .sbx/-directory and "multiple branches per sandbox" sections.
  • Adds a Restrictions section covering the configurations rejected at create time (--workspace-volume, host worktree).

Security-model changes:

  • Adds a new Source-repository isolation section in security/isolation.md that explains why the agent — even running unconstrained — cannot corrupt the host's .git state. The host source is bind-mounted read-only at /run/sandbox/source; the agent's clone is private (own index, own refs, own working tree) and shares only the immutable object database via .git/objects/info/alternates.
  • Promotes the security model from four to five isolation layers in security/_index.md.
  • Updates security/workspace.md to correct the previous "branch mode is a workflow convenience, not a security boundary" caveat, which is no longer accurate after added compose file example in accordion #2477.

The changes lean heavily on the threat-model framing the user asked for: the new design is not just ergonomic, it is the first time --branch provides a hard isolation boundary for the source repository.

Dependency

This documentation describes behavior introduced by docker/sandboxes#2477, which is not yet merged at the time of opening this PR. Please hold this PR or land it on the next sandboxes release that ships #2477.

Test plan

  • Visual review of the rendered usage.md branch-mode section
  • Visual review of the rendered security/isolation.md source-repository-isolation section
  • Cross-link sanity check between usage.md, security/workspace.md, and security/isolation.md
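
The source-repository isolation property described in this PR (a private clone with its own index, refs and working tree that shares only the object database via .git/objects/info/alternates, reviewed from the host through a sandbox-<name> remote) can be reproduced with plain git. The script below is an added example and is not code from this PR or from the docker/sandboxes project. It uses a temporary directory to stand in for the host repository and for the agent's clone; the remote name sandbox-demo is an assumed name, the clone is fetched over a local path rather than git-daemon, and the read-only bind mount at /run/sandbox/source is not simulated, only its consequence is checked: the agent's new objects land in the clone's own store and the host's refs are untouched until the host explicitly fetches.

```shell
#!/bin/sh
# Added example (not docker/sandboxes code): reproduce with plain git the
# source-repository isolation property described above. A temporary directory
# stands in for the host repo and for the agent's clone; the real design
# exposes the clone over git-daemon and the source as a read-only bind mount
# at /run/sandbox/source, neither of which is simulated here.
set -eu

# Constructed identity so commits work in a clean environment.
export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid

# Create the "host" repository with one commit on main.
make_host_repo() {
  mkdir -p "$1"
  git -C "$1" init -q
  git -C "$1" symbolic-ref HEAD refs/heads/main
  echo "hello" > "$1/README"
  git -C "$1" add README
  git -C "$1" commit -q -m "initial"
}

# Create the agent's private clone. --shared writes
# .git/objects/info/alternates pointing at the source's object database
# instead of copying objects; index, refs and working tree are the clone's own.
make_agent_clone() {
  git clone -q --shared "$1" "$2"
}

# Resolve a directory to its physical path so alternates can be compared.
physical_path() {
  (cd "$1" && pwd -P)
}

# Run the whole scenario; prints "ok" when every property holds, else returns 1.
demo_isolation() {
  work=$(mktemp -d)
  src="$work/source"        # host repository (read-only to the container in the real design)
  clone="$work/agent-clone" # the in-container clone
  make_host_repo "$src"
  base=$(git -C "$src" rev-parse main)
  make_agent_clone "$src" "$clone"

  # The clone borrows objects from the source rather than owning a copy.
  alt=$(cat "$clone/.git/objects/info/alternates")
  [ "$(physical_path "$alt")" = "$(physical_path "$src/.git/objects")" ] || return 1

  # The agent works and commits; nothing touches the source repository.
  echo "agent change" >> "$clone/README"
  git -C "$clone" commit -q -am "agent work"
  agent=$(git -C "$clone" rev-parse HEAD)
  # The new object is in the clone's own store, not in the shared one ...
  git -C "$clone" cat-file -e "$agent" || return 1
  if git -C "$src" cat-file -e "$agent" 2>/dev/null; then return 1; fi
  # ... and the host's branch still points at the original commit.
  [ "$(git -C "$src" rev-parse main)" = "$base" ] || return 1

  # Host-side review: fetch from the sandbox remote (a local path here,
  # git-daemon in the real design) and inspect it without touching main.
  git -C "$src" remote add sandbox-demo "$clone"
  git -C "$src" fetch -q sandbox-demo
  [ "$(git -C "$src" rev-parse sandbox-demo/main)" = "$agent" ] || return 1
  [ "$(git -C "$src" rev-parse main)" = "$base" ] || return 1

  rm -rf "$work"
  echo ok
}

demo_isolation
```

The check that matters for the threat model is the pair of cat-file calls: the agent's commit is resolvable from inside the clone but absent from the source's object database, because alternates are a one-way reference from the clone to the source. Objects only cross into the host repository when the host runs git fetch sandbox-<name>, and even then only under refs/remotes/, leaving main where it was.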

…olation

Update the branch-mode workflow to reflect the move from on-host worktrees
to an in-container clone exposed over git-daemon, and add a new
source-repository isolation layer to the security model. Highlights the
strong guarantee that an unconstrained agent cannot corrupt the host's
.git directory or working tree, since the source mount is read-only and
the agent operates on a private clone with its own index, refs, and
working tree.

Tracks docker/sandboxes#2477.
netlify Bot commented May 8, 2026

Deploy Preview for docsdocker ready!

  • Latest commit: 17a22ac
  • Latest deploy log: https://app.netlify.com/projects/docsdocker/deploys/69fdd3cfa8f18a000804ba02
  • Deploy Preview: https://deploy-preview-25007--docsdocker.netlify.app

docker-agent left a comment

Assessment: 🟢 APPROVE

The documentation changes are well-written and follow Docker's style guidelines. The branch-mode section rewrite, source-repository isolation explanation, and security model updates are clear, accurate, and appropriately scoped.
