insanitybit / cargo-sandbox

MIT License

Support all common commands #6

Open insanitybit opened 1 year ago

insanitybit commented 1 year ago

cargo has a number of "common commands", a number of which are security-relevant.

insanitybit commented 1 year ago

This will likely imply some new container types, potentially including a Trusted container with full capabilities.

  1. Trusted - new, init, add, clean
  2. Exec - bench, test, run
  3. Install - install, uninstall

doc will be a weird one to deal with, not sure what to do about that. At minimum we'll want to use Build for the generation, but after that it's going to run arbitrary JavaScript in a browser if you use --open. Probably not so dangerous, but a bit tricky.

Exec is a placeholder. For basic unit tests we can have a really locked down environment. It's tests that have to reach out to the internet, etc, where things are really tricky.

One option to solve the "my tests do arbitrary stuff" problem is via custom sandbox profiles. The default could optimize for unit tests, and if you have integration tests maybe you need to do something else.
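One way the container grouping and the custom-profile idea from this thread could fit together, as an added sketch that is not cargo-sandbox's own code: each subcommand gets a default profile (Trusted keeps full capabilities, Exec is the locked-down default for tests), a project-supplied custom profile may widen only Exec, and the result is rendered as `docker run` flags. The `Profile` fields, the `build`/`check` grouping under Build and the specific flag set are assumptions.

```rust
// Added example (not cargo-sandbox's own code). Maps cargo subcommands to the
// container types proposed in the issue and renders the chosen sandbox
// settings as docker flags. Field names and flag choices are assumptions.

#[derive(Debug, Clone, PartialEq)]
pub enum Container { Trusted, Build, Exec, Install }

#[derive(Debug, Clone, PartialEq)]
pub struct Profile {
    pub container: Container,
    pub network: bool,    // may the container reach the network?
    pub write_host: bool, // may it write to the mounted project directory?
}

/// Default profile per subcommand, following the grouping in the issue.
/// Unknown subcommands fall back to the most restrictive (Exec) settings.
pub fn default_profile(subcommand: &str) -> Profile {
    match subcommand {
        "new" | "init" | "add" | "clean" =>
            Profile { container: Container::Trusted, network: true, write_host: true },
        "build" | "check" | "doc" => // assumption: doc uses Build for generation
            Profile { container: Container::Build, network: false, write_host: false },
        "bench" | "test" | "run" =>
            Profile { container: Container::Exec, network: false, write_host: false },
        "install" | "uninstall" =>
            Profile { container: Container::Install, network: true, write_host: false },
        _ => Profile { container: Container::Exec, network: false, write_host: false },
    }
}

/// Effective profile: a custom profile (e.g. for integration tests that need
/// the network) may only widen Exec; every other container keeps its default.
pub fn resolve(subcommand: &str, custom: Option<&Profile>) -> Profile {
    let base = default_profile(subcommand);
    match custom {
        Some(c) if base.container == Container::Exec =>
            Profile { container: Container::Exec, ..c.clone() },
        _ => base,
    }
}

/// Render a profile as `docker run` flags. Only Trusted keeps capabilities.
pub fn docker_args(p: &Profile) -> Vec<String> {
    let mut args = Vec::new();
    if p.container != Container::Trusted {
        args.push("--cap-drop=ALL".to_string());
        args.push("--security-opt=no-new-privileges".to_string());
    }
    if !p.network { args.push("--network=none".to_string()); }
    args.push("-v".to_string());
    args.push(if p.write_host { ".:/src" } else { ".:/src:ro" }.to_string());
    args
}
```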