Clone state only before tool calls only when it is injectable #54
Description
As explained in the title, it is not necessary to clone the state at every tool call. We believe it is unlikely that attacks would need to move (either forward or backwards) to states that are not injectable. This is going to reduce the footprint of cloning states, especially in heavier-weight environments like the Docker-based BashEnv.