expose captureFromMap()

[boneskull]

Description

This exposes captureFromMap() in capture-lite.js.

This function is similar to e.g., makeArchiveFromMap() in archive-lite.js; but rather than creating a .zip archive, it simply returns the fully-completed CompartmentMapDescriptor, Sources, and a mapping of filename to compartment map name.

This information is needed for next-gen-lavamoat-node ("endomoat")'s automatic policy generation.

Another commit disables the hardcoded check for parsers in the compartment map validation functions (which are no longer necessary after #2304).

Questions

• Should this be split into two PRs?
• Should any of this be renamed?
• Internal functions were copy/pasted from archive-lite.js into capture-lite.js. Should these be extracted into a shared module?

Security Considerations

None that I'm aware of.

Scaling Considerations

If anything, it may shave a few nanoseconds off of compartment map validation.

Documentation Considerations

Probably should be added to NEWS.md.

Testing Considerations

• [ ] The compartment map validation is currently not tested in isolation and probably should be (removing the parser-name assertion did not cause a test to fail)
• [x] captureFromMap() needs some sort of basic round-trip test. I think a snapshot of the return value may suffice?

Compatibility Considerations

None

Upgrade Considerations

None

[boneskull]

@kriskowal I've added some tests: https://github.com/endojs/endo/pull/2308/files#diff-83a914c4839dc5f99eee550a04270efaa250a614f292da572b717e3cde1db18f

Noting that a snapshot would be inappropriate for captureFromMap()'s output, since it contains many absolute paths.