Add --json flag for structured JSON event output to stderr

[hattori7243]

Summary

• Add --json CLI flag that emits one JSON object per line to stderr for machine-readable sandbox event output
• Emit structured events for CLI errors, network blocks, filesystem violations, and sandbox summary
• Events include typed type field (cli_error, network_blocked, fs_violation, sandbox_summary) plus context-specific fields (host, port, reason, exitCode, duration, etc.)

Motivation

Other languages/tools wrapping the srt CLI need to parse sandbox events programmatically. Plain text stderr output is hard to parse reliably. Structured JSON Lines output enables automated processing of network blocks, filesystem violations, and exit summaries.

Usage

srt --json -c "curl http://evil.com"
# stderr: {"type":"network_blocked","host":"evil.com","port":80,"reason":"no_matching_allow","timestamp":"...","version":1,"pid":12345}
# stderr: {"type":"sandbox_summary","exitCode":0,"totalNetworkBlocks":1,"durationMs":150,"timestamp":"...","version":1,"pid":12345}

Changed files

File	Change
src/utils/structured-logger.ts	New singleton logger (~130 lines)
src/cli.ts	Wire --json flag, emit events at error/exit paths
src/sandbox/sandbox-manager.ts	Emit network_blocked events from filterNetworkRequest()

No changes to proxy servers, sandbox builders, or existing function signatures. All logging is no-op when --json is not set.

Test plan

• Existing test suite passes (249 pass, 145 skip, 5 fail — identical to baseline)
• Manual: srt --json -c "echo hello" produces sandbox_summary event on stderr
• Manual: srt --json -c "curl http://denied.example" produces network_blocked + sandbox_summary events
• Manual: srt -c "echo hello" (no --json) behaves identically to before