tame() requests


By default, no system calls work.  Valid requests include

malloc - mmap, getentropy, mprotect, etc
rw - read/write
stdio - malloc features + rw
rpath wpath cpath tmppath - path "opening"
fattr - chmod, utimes -- explicit changes to "fd" modes 
unix inet - opening of new sockets
cmsg - file descriptor passing featureset
getpw - passwd/group file accesses are expected
ioctl - only small subset of ioctl features

Will be extended slowly, as more needs are found

Combinations of these create "subsets of the posix" environment
which we consider safe & usable