Improve setup for GitHub Copilot coding agent

.github/copilot-instructions.md

@@ -0,0 +1,30 @@
+This repository contains a Rust-based, security-focused sandboxing library OS. To maintain high code quality and consistency, please adhere to the following guidelines when contributing.
+
+## Code Standards
+
+### Required Before Each Commit
+- Run `cargo fmt` to format all Rust files using `rustfmt`.
+  - This ensures consistent code style across the codebase.
+
+### Development Workflow
+The recommended sequence during development is:
+1. **Format**: `cargo fmt`
+2. **Build**: `cargo build`
+3. **Lint**: `cargo clippy --all-targets --all-features`
+4. **Test**: `cargo nextest run`
+
+- Full CI checks are defined in `.github/workflows/ci.yml`.
+
+## Key Guidelines
+
+1. Follow Rust best practices and idiomatic patterns.
+2. Preserve the existing code structure and organization.
+3. Minimize use of `unsafe` code. Every `unsafe` block **must** include a clear safety comment explaining why it's sound. Always prefer safe abstractions and code where possible.
+4. Write unit tests for new functionality, especially if it affects public interfaces.
+   - Extremely simple changes do not require explicit unit tests.
+5. Document all public APIs and non-trivial implementation details.
+6. Avoid introducing new dependencies unless strictly necessary. If a dependency is added:
+   - It must be justified.
+   - Prefer `default-features = false` in `Cargo.toml`.
+7. Favor `no_std` compatibility wherever feasible.
+   - Some crates in the workspace may use `std`, but this should be deliberate and justified.

.github/workflows/copilot-setup-steps.yml

@@ -0,0 +1,39 @@
+# Customize GitHub Copilot coding agent development environment
+name: "Copilot Setup Steps"
+
+# Automatically run the setup steps when they are changed to allow for easy validation, and
+# allow manual testing through the repository's "Actions" tab
+on:
+  workflow_dispatch:
+  push:
+    paths:
+      - .github/workflows/copilot-setup-steps.yml
+  pull_request:
+    paths:
+      - .github/workflows/copilot-setup-steps.yml
+
+jobs:
+  # The job MUST be called `copilot-setup-steps` or it will not be picked up by Copilot.
+  copilot-setup-steps:
+    runs-on: ubuntu-latest
+
+    # Set the permissions to the lowest permissions possible needed for your steps.
+    # Copilot will be given its own token for its operations.
+    permissions:
+      # Needed to clone the repository
+      contents: read
+
+    # You can define any steps you want, and they will run before the agent starts.
+    # If you do not check out your code, Copilot will do this for you.
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Set up Rust
+        run: |
+          rustup toolchain install $(awk -F'"' '/channel/{print $2}' rust-toolchain.toml) --profile minimal --no-self-update --component rustfmt,clippy
+      - name: Set up Nextest
+        run: |
+          curl -LsSf https://get.nexte.st/latest/linux | tar zxf - -C ${CARGO_HOME:-~/.cargo}/bin
+      - name: Set up tun device for Linux userland testing
+        run: |
+          sudo ./litebox_platform_linux_userland/scripts/tun-setup.sh