Introduces SandboxRPCAPI extending capnweb's RpcTarget, which calls
container services directly without going through the HTTP router.

Wires a /capnweb WebSocket upgrade path in the Bun server and
initialises a capnweb RPC session per connection. An HTTP bridge
(httpFetch/httpFetchStream) is also exposed so the SDK can route
its existing transport calls over capnweb during the transitional
stages before all methods call native RPC directly.

Adds FileService.writeFileStream() which pipes a ReadableStream<Uint8Array>
directly to disk via Bun's file writer, avoiding buffering the full file
in memory.

Updates the writeFile signature in ISandbox and ExecutionSession (shared
types) to accept string | ReadableStream<Uint8Array>, enabling callers to
pass a stream without a separate API method.

Extends TransportMode to include 'capnweb'. Implements CapnwebTransport
extending BaseTransport — a capnweb WebSocket RPC transport that connects
either via a direct WebSocket or through a Durable Object stub.fetch()
upgrade, matching the pattern used by WebSocketTransport.

Wires CapnwebTransport into createTransport() and exports it from the
transport barrel alongside HttpTransport and WebSocketTransport.

ContainerConnection manages a single capnweb RPC session and exposes a
typed ContainerRPCAPI interface — the client-side mirror of the container's
SandboxRPCAPI.

RPCSandboxClient implements the same field-level interface as SandboxClient
(.commands, .files, .processes, etc.) so sandbox.ts can switch between
the two transports without changes at the call sites.

Reads SANDBOX_TRANSPORT=capnweb, constructs a ContainerConnection and
RPCSandboxClient, and connects to /capnweb inside the container. The
connection is torn down alongside the client on sandbox sleep.

SandboxClient.writeFileStream() is added for the capnweb-only streaming
path; sandbox.writeFile() routes to it when passed a ReadableStream.

LocalMountSyncManager's client field is widened to accept the union
type SandboxClient | RPCSandboxClient.

Covers factory wiring, initial state, safe disconnect (including multiple
calls), concurrent connect() deduplication, and connection failure
propagation. Uses mocked internals for connection-dependent paths,
following the pattern established in ws-transport.test.ts.

Exercises command execution, streaming output, file write/read, directory
listing, and session isolation end-to-end through the capnweb bridge.
Tests run against a live Cloudflare container and also serve as regression
coverage for core operations when run with the default HTTP transport.

Delete the httpFetch/httpFetchStream bridge methods from SandboxRPCAPI
and the ContainerRPCAPI interface, and drop the router dependency from
SandboxRPCAPIDeps. These methods were a transitional shim for
CapnwebTransport to route requests through the HTTP handler layer;
they are unreachable now that RPCSandboxClient calls native RPC directly
for every operation.

Remove CapnwebTransport entirely. When SANDBOX_TRANSPORT=capnweb, sandbox.ts
creates a ContainerConnection and RPCSandboxClient directly, so
CapnwebTransport is never instantiated. Remove it from the transport
factory, barrel exports, and its unit test file.

Remove the dead capnweb branch from createSandboxClient() and the
writeFileStream method from SandboxClient, both of which were only
reachable via the now-removed transport.