Promote --experimental_use_hermetic_linux_sandbox to not be experimental
This feature request is to promote --experimental_use_hermetic_linux_sandbox to not be experimental, so it can be considered stable and be relied upon by ChromeOS's Firmware SDK.
Question: Have you tried using it? We've found some problems with it, in particular that system binaries that scripts expect to see are not available in the sandbox.
@larsrc-google maybe I'm misunderstanding your comment but isn't that the whole point, that the sandbox is empty and you have to be explicit about what you put in there? :-?
That's what it says in the --experimental_use_hermetic_linux_sandbox CLI docs:
If set to true, do not mount root, only mount what's provided with sandbox_add_mount_pair. Input files will be hardlinked to the sandbox instead of symlinked to from the sandbox. If action input files are located on a filesystem different from the sandbox, then the input files will be copied instead.
+1, we use this in our build prototype and it's instrumental to finding a variety of instances where Bazel reads outside the sandbox.
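
Added example, not part of the thread above and not Bazel or ChromeOS code: a shell helper that builds the flag set for the hermetic sandbox discussed here, with every host directory the actions may see named explicitly. The function name and the directories in the usage comment are assumptions; the two flags are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from Bazel or the thread).
#
# hermetic_sandbox_flags DIR...
# Prints, one per line, the Bazel flags that enable the hermetic Linux sandbox
# and expose only the listed host directories inside it. All arguments are
# validated before anything is printed, so a typo fails loudly instead of
# producing a sandbox that is silently missing a tool directory.
hermetic_sandbox_flags() {
    for dir in "$@"; do
        case "$dir" in
            /)
                # Mounting the root would undo the point of the hermetic flag.
                echo "refusing to mount /: list the needed directories instead" >&2
                return 1
                ;;
            /*) ;;
            *)
                echo "not an absolute path: $dir" >&2
                return 1
                ;;
        esac
        if [ ! -d "$dir" ]; then
            echo "host directory does not exist: $dir" >&2
            return 1
        fi
    done

    printf '%s\n' "--experimental_use_hermetic_linux_sandbox"
    for dir in "$@"; do
        # A single path mounts the host directory at the same path in the sandbox.
        printf '%s\n' "--sandbox_add_mount_pair=$dir"
    done
}

# Usage (directories are assumptions; pick the ones your actions really need):
#   bazel build //... $(hermetic_sandbox_flags /bin /usr /lib)
```

Keeping the mount list this explicit is what surfaces the missing system binaries mentioned earlier in the thread: each failure names a host dependency that was previously picked up implicitly.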