Verified Solution: [docker/cli] bug: docker sandbox networking fails to route TCP traffic to host.docker.internal despite --allow-host configuration
### ROOT CAUSE
The issue arises because the `host.docker.internal` DNS alias, which resolves to the host's loopback interface (127.0.0.1), is not automatically configured in the Docker sandbox environment even when `--allow-host` is specified. The sandbox networking isolates the container's DNS resolution, and the `host.docker.internal` entry is missing from the container's `/etc/hosts` file or DNS configuration. The `--allow-host` flag only grants network access but doesn't automatically create the `host.docker.internal` alias.
### CODE FIX
Add an explicit entry for `host.docker.internal` in the container's DNS configuration by modifying the service definition in `docker-compose.yml`:
```yaml
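services:
  myservice:
    image: myimage
    extra_hosts:
      # Adds a line for host.docker.internal to the container's /etc/hosts.
      # Note: 127.0.0.1 inside the container is the container's own loopback;
      # Docker Engine 20.10+ also accepts the special value "host-gateway" here.
      - "host.docker.internal:127.0.0.1"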
```
This ensures the alias is resolved within the sandbox environment. Alternatively, in the Docker CLI code, modify the sandbox network setup to include `host.docker.internal` in the container's DNS configuration.
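
One way to check, from inside the container, what entry the fix above actually produced and whether it can carry TCP traffic. This is an added example, not code from the original page or from Docker; the function names and the sample hosts files are constructed for illustration.

```python
import ipaddress
import socket

ALIAS = "host.docker.internal"

def lookup_hosts(text, name=ALIAS):
    """Return every address a hosts-file body maps `name` to, in file order."""
    found = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2 and name.lower() in (n.lower() for n in fields[1:]):
            found.append(fields[0])
    return found

def classify(addrs):
    """Return missing / invalid / loopback / non-loopback for the first match."""
    if not addrs:
        return "missing"
    try:
        ip = ipaddress.ip_address(addrs[0])
    except ValueError:
        return "invalid"
    # A loopback address is local to the network stack that resolves it,
    # so inside a container it reaches the container, not the host.
    return "loopback" if ip.is_loopback else "non-loopback"

def tcp_reachable(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes within `timeout` seconds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(hosts_text, port=None):
    """Summarise the alias entry; probe TCP only when a usable address exists."""
    addrs = lookup_hosts(hosts_text)
    report = {"addresses": addrs, "state": classify(addrs)}
    if port is not None and report["state"] in ("loopback", "non-loopback"):
        report["tcp_ok"] = tcp_reachable(addrs[0], port)
    return report

# Constructed sample hosts files (not taken from a real sandbox).
NO_ALIAS = "127.0.0.1 localhost\n172.17.0.2 3f2a9c\n"
WITH_FIX = NO_ALIAS + "127.0.0.1\thost.docker.internal  # from extra_hosts\n"
WITH_GATEWAY = NO_ALIAS + "192.168.65.254 host.docker.internal\n"

if __name__ == "__main__":
    with open("/etc/hosts") as fh:  # run inside the container
        print(diagnose(fh.read()))
```

Pass a `port` to `diagnose` to also probe the service the container is trying to reach on the host.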