Evaluate whether or not we still need execution privileges to be distinct from high privileges

[andrewbwm]

The current implementation of execution privileges seems to server only two purposes.

First, a reverse takeover is only possible via execution privileges.

Second, if an application is fully compromised the attacker can assume the identities with execution privileges on the application.

Is this the desired behaviour or is it simply there for legacy reasons?

Maybe the introduction of the user unsafe actions, which are tied to the specific privileges that a user has, may cover this already and we wish to remove execution privileges.

[andrewbwm]

We've decided to keep the execution privileges in order to compromise identities associated with an application that is taken over(full access). This is meant to represent the process being hijacked and the attacker attempting to use the privileges available to the executing identity on that particular system.

However, the reverse takeover concept was removed in 8672c380a8856d77b7dffd4bcab814998c6478a8 as the unsafe user action and reverse reach concepts introduced in v0.3.0 better account for it.