feat(cli): Allow SEATBELT profiles in user settings directory

[grepsuzette]

Description:

This PR enhances the SEATBELT profile resolution logic to support both project-local and global user profiles. Specifically, the resolver now:

• First checks for profile files in the project’s .qwen/ directory.
• If not found, falls back to the user’s global .qwen/ directory (~/.qwen/ by default).

This change enables users to define and reuse global SEATBELT sandbox profiles across multiple projects — eliminating the need to duplicate profile files in every project directory.

Background:

Currently, SEATBELT supports the following predefined profiles:

• permissive-closed
• permissive-open
• permissive-proxied
• restrictive-closed
• restrictive-proxied

As documented in docs/sandbox.md, users may also define custom profiles via the SEATBELT_PROFILE environment variable. However, the system previously only looked for custom profile files (e.g., sandbox-macos-<profile>.sb) within <project>/.qwen/name.sb. If the file was absent, resolution would fail — even if a valid profile existed in the user’s global settings directory.

Impact:

With this change, users can now place commonly used sandbox profiles in their global ~/.qwen/ directory and reference them from any project — streamlining setup and reducing redundancy.

Reviewer Test Plan

This only applies to macOS (because Seatbelt).

• Write a seatbelt profile in your ~/.qwen. You may copy and modify one e.g. packages/cli/src/utils/sandbox-macos-permissive-open.sb into ~/.qwen/sandbox-macos-custom.sb,
• Launch qwen with SEATBELT_PROFILE=custom qwen -s,
• It should now show macOS Seatbelt (custom) in the status.

Fixes #559