Build Security
Rust Internals [Unofficial]
April 23, 2026
We've had a lot of discussion about build scripts and proc macros, but how far do we want to/should we go?
- sandbox build scripts and proc macros. They could still inject code that runs in the binary, thus not really helping with cargo run.
- additionally sandbox the runner (preferably with an easier way to enable it than setting a custom runner).
- additionally sandbox the LSP (more up to the user's configuration than rust/cargo, but I have not heard that being mentioned at all). This might be out of scope for this discussion, but I am not sure what outside of build scripts and proc macros rust-analyzer executes or interprets, or how vulnerable it is against malicious code.
- At some point you might want to consider whether the compiler itself should run in a sandbox/container to limit the impact of vulnerabilities in the compiler, which can have additional benefits around reproducibility/cross-distro compilation.
All of this likely needs configuration around things like network access and should be easy to discover and use, if not even enabled by default. Each of them alone is already useful, but security must be easy to use/configure, otherwise it won't be used.
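As an added example (not from the post, cargo or the Rust project): the "custom runner" route mentioned above, written as a hypothetical wrapper script that runs the binaries produced by `cargo run` and `cargo test` under bubblewrap with the network namespace dropped. It assumes a Linux target, that `bwrap` is installed, and the file names shown.

```shell
#!/bin/sh
# Hypothetical cargo runner: saved as .cargo/sandbox-runner.sh and enabled
# with this .cargo/config.toml entry (assumed Linux target triple):
#   [target.x86_64-unknown-linux-gnu]
#   runner = ".cargo/sandbox-runner.sh"
# Cargo then calls it as `sandbox-runner.sh <binary> [args...]` for both
# `cargo run` and `cargo test`, so the compiled artifact executes inside
# bubblewrap (bwrap) with no network and only target/ writable.
set -eu

# Emit the bwrap argument list, one argument per line, for a binary and the
# project root. --unshare-all includes the network namespace, so no sockets
# reach the outside; toolchain dirs are read-only, the project tree is
# read-only except target/. The *-try variants tolerate missing dirs.
sandbox_args() {
    bin="$1"; root="$2"
    printf '%s\n' \
        --unshare-all \
        --die-with-parent \
        --ro-bind-try /usr /usr \
        --ro-bind-try /lib /lib \
        --ro-bind-try /lib64 /lib64 \
        --proc /proc \
        --dev /dev \
        --tmpfs /tmp \
        --ro-bind "$root" "$root" \
        --bind "$root/target" "$root/target" \
        --chdir "$root" \
        "$bin"
}

# Check that the generated policy drops the network (exit 0 = yes).
has_no_network() {
    sandbox_args "$1" "$2" | grep -qx -- '--unshare-all'
}

# Replace this shell with bwrap running the binary. The argument list is
# split on newlines only, so paths containing spaces survive.
run_sandboxed() {
    bin="$1"; root="$2"; shift 2
    old_ifs="$IFS"; IFS='
'
    set -f
    set -- $(sandbox_args "$bin" "$root") "$@"
    set +f; IFS="$old_ifs"
    exec bwrap "$@"
}

# Entry point when invoked by cargo; a no-op when no binary is given.
# CARGO_MANIFEST_DIR is assumed to be inherited from cargo; else use $PWD.
if [ $# -gt 0 ]; then
    bin="$1"; shift
    run_sandboxed "$bin" "${CARGO_MANIFEST_DIR:-$PWD}" "$@"
fi
```

Build scripts and proc macros still run outside this sandbox: only the artifact that cargo hands to the runner is confined, which is the gap the first bullet above points at.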