Function is_nested 

pub fn is_nested() -> bool

Detect if this process is already inside a sandbox.

Checks both the in-process flag and /proc/self/status (Seccomp: 2) to catch cross-process nesting (e.g. sandlock run -- python agent.py where agent.py creates inner sandboxes).