fix: address self-review findings for Vercel Sandbox salvage

- Add vercel_sandbox to hardline blocklist container bypass test
- Add vercel_sandbox to skills_tool remote backend parametrize test
- Deduplicate runtime set: doctor.py and setup.py now import
  _SUPPORTED_VERCEL_RUNTIMES from terminal_tool.py
- Add docstring to _run_bash explaining timeout/stdin_data discards
- Always stop sandbox during cleanup (unconditional, matching Modal/Daytona)
- Update security.md: container bypass text, production tip, comparison table
- Update environment-variables.md: TERMINAL_ENV list, Vercel auth vars,
  TERMINAL_VERCEL_RUNTIME
- Update inline comments in cli.py and config.py to include vercel_sandbox

tools/environments/vercel_sandbox.py

@@ -578,6 +578,17 @@ class VercelSandboxEnvironment(BaseEnvironment):
         timeout: int = 120,
         stdin_data: str | None = None,
     ):
+        """Run a bash command in the Vercel sandbox.
+
+        ``timeout`` is not forwarded to the Vercel SDK (which does not expose
+        a per-exec timeout parameter); the base class ``_wait_for_process``
+        enforces timeout by killing the sandbox via ``cancel_fn``.
+
+        ``stdin_data`` is intentionally discarded here because
+        ``_stdin_mode = "heredoc"`` causes the base class ``execute()`` to
+        embed any stdin payload into the command string before calling this
+        method.
+        """
         del timeout
         del stdin_data