Enable sandboxed lockfile generation in extensions

[maxrake]

1292 disabled the sandbox for lockfile generation in extensions, with this explanation:

Currently the lockfile generation sandbox does not spawn a separate process, thus enabling the sandbox for the calling process directly. Since extensions might be doing other things after generating the lockfile for a manifest, this could prevent them from operating correctly.

This patch removes the sandboxing for lockfile generation when calling parseLockfile from an extension. In the future it should be possible to enable this again by spawning a separate process for lockfile generation.

This request is that future placeholder, to enable the sandbox again. Spawning a separate process for lockfile generation and using IPC is one possibility. There may be others.

[cd-work]

One noteworthy thing to mention is that if we have to spawn a separate process for lockfile generation in extensions anyway, it's probably a good idea to always do this in CLI. That way we won't run into this problem again in the future if we ever have to do some additional operations after parsing the lockfile in analyze/parse (or potential new subcommands).