feature request: restrict write access of container for code evals

models that we run in code evals where code is actually executed shouldn't be able to write to all mounted dirs. 

workaround could be to allow write to some tmp dir from which we then copy the results in a post-processing step after exiting the container