Implement option to disallow (ignore in fact) modifications of file
opened in another VM (including DispVM).
This commit implements actual services part and handling in wrapping scripts.
FixesQubesOS/qubes-issues#1118
This have many advantages:
- prevent XSS (QubesOS/qubes-issues#1462)
- use default browser instead of default HTML viewer
- better qrexec policy control
- easier to control where are opened files vs URLs
For now allow only http(s):// and ftp:// addresses (especially prevent
file://). But this list can be easily extended.
QubesOS/qubes-issues#1462FixesQubesOS/qubes-issues#1487
