Allow setting sandbox parameters per-language, make sandbox more restrictive

[prandla]

• Allow each language to modify the parameters of the sandbox for both compilation and evaluation.
• Don't put /etc in the sandbox by default, only include the parts of /etc that are necessary for specific languages. (except for pascal... isolate doesn't support bind-mounting individual files, and pascal uses /etc/fpc.cfg instead of a subdirectory, so we still need to mount all of /etc for it. Note that the kernel does support bind-mounting files - should this feature be added to isolate?)
• Don't use preserve_env=True for compilation sandboxes, instead set PATH (which seems to be the only environment variable that was actually necessary) to a reasonable value manually.

This implements one part of #1480 and is necessary for supporting dotnet (#1243).

I call configure_compilation_sandbox and configure_evaluation_sandbox as late as possible, to allow languages to override the general parameters if needed. None of them need that currently, but it might be useful in the future.

Note that TwoSteps doesn't actually call configure_evaluation_sandbox, but then again it never even called get_evaluation_commands in the first place...

[codecov]

Codecov Report

❌ Patch coverage is 50.00000% with 16 lines in your changes missing coverage. Please review.
✅ Project coverage is 54.16%. Comparing base (c682a55) to head (6198479).
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
cms/grading/languages/java_jdk.py	40.00%	3 Missing ⚠️
cms/grading/tasktypes/interactive_keeper.py	0.00%	3 Missing ⚠️
cms/grading/language.py	60.00%	2 Missing ⚠️
cms/grading/languages/csharp_mono.py	50.00%	2 Missing ⚠️
cms/grading/languages/python3_pypy.py	50.00%	2 Missing ⚠️
cms/grading/steps/evaluation.py	33.33%	2 Missing ⚠️
cms/grading/languages/haskell_ghc.py	50.00%	1 Missing ⚠️
cms/grading/languages/pascal_fpc.py	50.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1545      +/-   ##
==========================================
- Coverage   54.17%   54.16%   -0.01%     
==========================================
  Files         340      340              
  Lines       27844    27871      +27     
==========================================
+ Hits        15085    15097      +12     
- Misses      12759    12774      +15     

Flag	Coverage Δ
functionaltests	0.00% <0.00%> (ø)
unittests	54.16% <50.00%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.