gh CLI requires dangerouslyDisableSandbox

All gh CLI invocations (pr, issue, api, auth, etc.) must use dangerouslyDisableSandbox: true.

Why: gh stores its OAuth token in the OS keyring (libsecret on Linux). The sandbox blocks the keyring socket, so gh sees an invalid token and returns HTTP 401 even though the token is valid.

How to apply: Any Bash tool call containing gh uses dangerouslyDisableSandbox: true. If gh auth fails, ask the user to run '! gh auth login' themselves — do not attempt it from inside Claude.