fix(SEC-ORCH-30): Add unique suffix to container names

Add crypto.randomBytes(4) hex suffix to container name generation
to prevent name collisions when multiple agents spawn simultaneously
within the same millisecond. Container names now include both a
timestamp and 8 random hex characters for guaranteed uniqueness.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

apps/orchestrator/src/spawner/docker-sandbox.service.ts

@@ -1,5 +1,6 @@
 import { Injectable, Logger } from "@nestjs/common";
 import { ConfigService } from "@nestjs/config";
+import { randomBytes } from "crypto";
 import Docker from "dockerode";
 import {
   DockerSandboxOptions,
@@ -248,8 +249,10 @@ export class DockerSandboxService {
         }
       }
 
-      // Container name with timestamp to ensure uniqueness
-      const containerName = `mosaic-agent-${agentId}-${Date.now().toString()}`;
+      // Container name with timestamp and random suffix to guarantee uniqueness
+      // even when multiple agents are spawned simultaneously within the same millisecond
+      const uniqueSuffix = randomBytes(4).toString("hex");
+      const containerName = `mosaic-agent-${agentId}-${Date.now().toString()}-${uniqueSuffix}`;
 
       this.logger.log(
         `Creating container for agent ${agentId} (image: ${image}, memory: ${memoryMB.toString()}MB, cpu: ${cpuLimit.toString()})`