
Fix review findings: IP collision, pause race, proxy path, ENV ordering, conn drain

- Fix IP address collision at slot 32768+ by using bitwise shifts instead of
  byte-truncating division in network slot addressing
- Add per-sandbox lifecycleMu to serialize concurrent Pause/Destroy calls
- Sanitize proxy forwarding path with path.Clean
- Sort ENV keys in recipe shell preamble for deterministic ordering
- Fix ConnTracker goroutine leak by adding cancel channel to Drain/Reset
- Update context_test to assert deterministic ENV ordering
2026-04-08 04:32:41 +06:00
parent dd50cfdcb1
commit e3ffa576ce
6 changed files with 53 additions and 21 deletions


@ -49,6 +49,7 @@ type Manager struct {
// sandboxState holds the runtime state for a single sandbox.
type sandboxState struct {
models.Sandbox
lifecycleMu sync.Mutex // serializes Pause/Destroy/Resume on this sandbox
slot *network.Slot
client *envdclient.Client
connTracker *ConnTracker // tracks in-flight proxy connections for pre-pause drain
@ -259,6 +260,9 @@ func (m *Manager) Destroy(ctx context.Context, sandboxID string) error {
m.mu.Unlock()
if ok {
// Wait for any in-progress Pause to finish before tearing down resources.
sb.lifecycleMu.Lock()
defer sb.lifecycleMu.Unlock()
m.cleanup(ctx, sb)
}
@ -307,6 +311,11 @@ func (m *Manager) Pause(ctx context.Context, sandboxID string) error {
return err
}
// Serialize lifecycle operations on this sandbox to prevent concurrent
// Pause/Destroy calls from corrupting Firecracker state.
sb.lifecycleMu.Lock()
defer sb.lifecycleMu.Unlock()
if sb.Status != models.StatusRunning {
return fmt.Errorf("sandbox %s is not running (status: %s)", sandboxID, sb.Status)
}