Hardened wasi clock_time_get and clock_time_res

[akegalj]

This is a stub issue regarding Spectre and timing attacks raised here https://github.com/lunatic-solutions/lunatic/pull/26#issuecomment-789801540

@jtenner rised an issue that clock_time_get and clock_time_res might be succeptible to https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)

@jocaml advised that we might add a parameter to specify max resolution

Some points from Spectre wiki:

• As of Firefox 57.0.4, Mozilla was reducing the resolution of JavaScript timers to help prevent timing attacks, with additional work on time-fuzzing techniques planned for future releases.
• The precision of performance.now() has been reduced from 5μs to 20μs, and the SharedArrayBuffer feature has been disabled because it can be used to construct a high-resolution timer. (https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/)
• https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

[teymour-aldridge]

(I'm probably misunderstanding) but aren't Spectre/Meltdown timing attacks more an issue for in-browser (untrusted) code than on servers?

[jtenner]

@teymour-aldridge we may be running untrusted code depending on the use case (I have a few ideas.)