Expose host time to JS, via standard APIs

[eddyashton]

This is a revival of #2468, following multiple user requests. That issue proposed adding custom APIs to make it clear that this time was untrusted, but on balance it looks like standard API compatibility is broadly preferred - we'll call out the implementation details/risks in the documentation.

I would like to retain a flag in app.json which makes this opt-in, but that does make the implementation trickier - Date global is auto-inserted by QuickJS, we shim the implementation of gettimeofday, and making it opt-in implies making that stateful.

A minimal effort approach would be to remove the shim entirely, and use OE's implementation of gettimeofday as an OCall. But I think that has knock-on implications that we're unhappy with, aside from the performance impact on code actually using it.

[achamayou]

I would like to retain a flag in app.json which makes this opt-in, but that does make the implementation trickier - Date global is auto-inserted by QuickJS, we shim the implementation of gettimeofday, and making it opt-in implies making that stateful.

Alternatively, we can have js_generic and js_generic_with_time targets, trading off a little build time and complexity versus additional configuration.