Added simple protection for avatar URL

[ksuprynowicz]

This adds simple permissions system to script engines. As an example permission, setting to protect avatar URL is added here. This PR also prevents getting other people's avatar URLs. It's still work in progress - I need to add protection for avatar URL setting entry and bookmarks.

[vegaslon]

The actual bookmark names or thumbnails that you can define in them might be useful for casuals scripts to use for the purpose of nametags, or a wardrobe app etc.

[ksuprynowicz]

The actual bookmark names or thumbnails that you can define in them might be useful for casuals scripts to use for the purpose of nametags, or a wardrobe app etc.

Yes. The PR whitelists all local filesystem, tutorial and community apps scripts for this reason and provides simple UI for whitelisting more scripts and also for disabling this system entirely and allowing all scripts.

Future PRs will also contain UI that will allow scripts to ask for required permissions.

[ksuprynowicz]

This is now ready for code review and testing. Please let me know if it breaks anything.

[vegaslon]

avatar and some entity textures are broken on windows.

[vegaslon]

not caused by this pr but https://github.com/overte-org/overte/pull/854 which was merged between test builds

[ksuprynowicz]

@HifiExperiments Thank you for the review! Let me know if there's anything else to fix :) In the meantime I think this PR is ready for testing.

[vegaslon]

Script protection can not be turned off completely for untrusted sources using the checkbox . As a test try running this script https://raw.githubusercontent.com/danteruiz/hifi-content/dcad0fc0c16520815654c6a2f3cc12a11c1230e4/debug/avatarTest.js

[ksuprynowicz]

Fixed! Should work well now.

[vegaslon]

Yep works now, have not found any more bugs

[ksuprynowicz]

If there's no more problems I think this can be safely merged.