fix(SEC-REVIEW-4-7): Address remaining MEDIUM security review findings

- Graceful container shutdown: detect "not running" containers and skip
  force-remove escalation, only SIGKILL for genuine stop failures
- data: URI stripping: add security audit logging via NestJS Logger
  when data: URIs are blocked in markdown links and images
- Orchestrator bootstrap: replace void bootstrap() with .catch() handler
  for clear startup failure logging and clean process.exit(1)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

apps/orchestrator/src/spawner/docker-sandbox.service.spec.ts

@@ -243,11 +243,25 @@ describe("DockerSandboxService", () => {
       expect(mockContainer.remove).toHaveBeenCalledWith({ force: false });
     });
 
-    it("should fall back to force remove when graceful stop fails", async () => {
+    it("should remove without force when container is not running", async () => {
       const containerId = "container-123";
 
       (mockContainer.stop as ReturnType<typeof vi.fn>).mockRejectedValueOnce(
-        new Error("Container already stopped")
+        new Error("container is not running")
+      );
+
+      await service.removeContainer(containerId);
+
+      expect(mockContainer.stop).toHaveBeenCalledWith({ t: 10 });
+      // Not-running containers are removed without force, no escalation needed
+      expect(mockContainer.remove).toHaveBeenCalledWith({ force: false });
+    });
+
+    it("should fall back to force remove when graceful stop fails with unknown error", async () => {
+      const containerId = "container-123";
+
+      (mockContainer.stop as ReturnType<typeof vi.fn>).mockRejectedValueOnce(
+        new Error("Connection timeout")
       );
 
       await service.removeContainer(containerId);