Implement export with file "sanitization" (content disarm/reconstruct)

[rocodes]

This is a tracking issue for all the steps related to a document sanitization (aka content disarmament/reconstruction, aka malware mitigation) workflow.

The goal is a workflow that allows users to work with documents in electronic form, while minimizing the risk of malware.

Tasks include:

• Draft/send out user research questions, particularly around initial file type support. (link: currently-supported file types for sdw and dangerzone)
• Draft technical spec document, which will include answers to implementation decisions (single file vs batch processing, per-file VM vs batch, failure modes, initial file type support), configuration/provisioning, and initial (cli-based) workflow
• Review + threat modeling of spec doc
• Implementation (sub-tasks TBD once specs are approved)
• Other tasks to be added as work progresses

[rocodes]

Tagging some related issues: https://github.com/freedomofpress/securedrop-client/issues/2007, https://github.com/freedomofpress/securedrop-workstation/issues/671, https://github.com/freedomofpress/securedrop-client/issues/458, https://github.com/freedomofpress/securedrop-client/issues/1725

[deeplow]

Interesting, in the Qubes forum, someone named the approach of [qube A] -> [sanitizing in disp B] -> [qube C] as double-door system. That makes sense, but I feel like double-door implies more a door with two doors. If we need a name for this we could take inspiration from the medical world. Here are some samples: disinfection tunnel, decontamination tunnel.