bootstrap: add --sandbox bootstrap argument

[yorkie]

What's the sandbox?

ShadowNode should be able to run a script in sandbox mode, which means the modules the script can access should be restricted. Within this feature, every defined application could run in a safe environment for the host.

Permissions

A sandbox should own the following permissions:

• --allow-fs the script can use file system.
• --allow-net the script can use networking API.
• --allow-tls the script can use TLS API.
• --allow-fork the script can use Child Process API to fork/exec sub-processes.
• --allow-global-module the script can load global modules.
• native module (.node) are always disabled.

By default, if it starts with iotjs --sandbox, the above permissions are not enabled. To enable one or more of them, you should append the params before the script like the below:

$ iotjs --sandbox --allow-fs ./fs-script.js

/cc @legendecas @algebrait @lolBig

[algebrait]

If consider native code through NAPI, libc or even system call should be customized.

[yorkie]

Customized libc/syscall are such heavy works, so let's always disable loading from .node.