This PR reworks a few things to improve the behavior of tests. Currently, tests run via evalPureUnison, which surrounds the term with a sandboxing check, looking for any reference to a disallowed term (except Debug.toText and Value.value, which is enables). If the check fails, a fairly opaque message is printed out. You can end up in this situation because test runs things this way, but test> watches are relatively unrestricted. So, you can have a test that appears to be fine during creation, but will fail due to sandboxing later.

This instead changes test to use the sandboxed runtime, with no up front check. This has sensitive operations replaced to throw exceptions, so it's still not possible to use them. But, the error messages will be more targeted (mentioning the disallowed operation), and it won't fail merely because a disallowed operation is referred to, only if it's actually run. E.G. the following would previously fail as a test:

foo =
  unused = printLine
  [Ok "done"]

But won't anymore, because printLine isn't actually called with enough arguments.

I also made the following adjustments to the sandboxed runtime

• Made Debug.trace a no-op when running in sandboxed mode, instead of throwing an exception. This means that if you forget a trace statement in a test, it just won't do anything, instead of causing a failing test.
• Allowed Debug.toText in the sandboxed runtime. This was enabled by tests previously.

Value.value was already allowed in the sandboxed runtime.

Addresses #4685. I thought there was another issue asking for either trace or toText in docs, which this would also allow (with no-op behavior for the former), but I can't seem to find it.