wasefire
Applet capabilities
Currently, applets are granted all their imports and may use all resources. The bundle format (see #56) should describe what the applet is allowed to do in some metadata and this metadata should be signed by an entity the platform trusts.
Design questions:
- What should those capabilities look like?
- There should be capabilities for exclusive access to some resources. Probably some for shared access too? Or should an applet be the owner and other applets go through that owner using #53?
- Some capabilities may be dynamic? For example when requesting a resource from a uniform pool, like a set of timers. An applet may be allowed to allocate up to 3 timers, but the actual timer may vary from one execution to the next. This may also be the case when allocating a shared buffer in the scheduler for #53.
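One way to make the three design questions concrete is to model the grant logic the scheduler would run against signed metadata. The code below is an added illustration, not wasefire's code and not a proposal from this issue: the `Capability`, `Manifest`, `Scheduler` and `Denied` types, the resource names (`uart0`, `i2c0`, the `timer` pool) and the `trusted` flag standing in for a completed signature check are all assumptions. It shows an exclusive grant that blocks other holders, a shared grant that coexists with other shared holders, and a pool quota (up to 3 timers) where the slot handed out can differ between executions.

```rust
use std::collections::{HashMap, HashSet};

/// Hypothetical capability vocabulary for the signed bundle metadata (an
/// illustration only, not wasefire's actual format).
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum Capability {
    /// Sole use of a named resource, e.g. "uart0".
    Exclusive(&'static str),
    /// Use of a named resource concurrently with other shared holders.
    Shared(&'static str),
    /// Up to `max` slots from a uniform pool, e.g. "timer"; which slots is decided at run time.
    Pool { kind: &'static str, max: usize },
}

/// Bundle metadata after signature verification; `trusted` stands in for the
/// verifier's verdict (the signature check itself is assumed, not shown).
pub struct Manifest {
    pub applet: &'static str,
    pub trusted: bool,
    pub capabilities: Vec<Capability>,
}

#[derive(Debug, PartialEq, Eq)]
pub enum Denied {
    Untrusted,
    UnknownApplet,
    NotDeclared,
    InUse(&'static str),
    QuotaExhausted { kind: &'static str, max: usize },
    PoolEmpty(&'static str),
}

/// Scheduler-side enforcement state (assumed design, for illustration).
#[derive(Default)]
pub struct Scheduler {
    manifests: HashMap<&'static str, Manifest>,
    exclusive: HashMap<&'static str, &'static str>,      // resource -> sole holder
    shared: HashMap<&'static str, HashSet<&'static str>>, // resource -> shared holders
    free_slots: HashMap<&'static str, Vec<usize>>,        // pool kind -> unallocated slots
    allocated: HashMap<(&'static str, &'static str), Vec<usize>>, // (applet, kind) -> slots
}

impl Scheduler {
    pub fn new(pools: &[(&'static str, usize)]) -> Self {
        let mut s = Scheduler::default();
        for &(kind, size) in pools {
            s.free_slots.insert(kind, (0..size).rev().collect()); // pop() yields slot 0 first
        }
        s
    }

    /// Only metadata whose signature verified is ever consulted for grants.
    pub fn install(&mut self, m: Manifest) -> Result<(), Denied> {
        if !m.trusted { return Err(Denied::Untrusted); }
        self.manifests.insert(m.applet, m);
        Ok(())
    }

    fn declared(&self, applet: &'static str) -> Result<&[Capability], Denied> {
        self.manifests.get(applet).map(|m| m.capabilities.as_slice()).ok_or(Denied::UnknownApplet)
    }

    /// Exclusive access: declared in the manifest and nobody else (exclusive or shared) holds it.
    pub fn acquire_exclusive(&mut self, applet: &'static str, res: &'static str) -> Result<(), Denied> {
        if !self.declared(applet)?.contains(&Capability::Exclusive(res)) { return Err(Denied::NotDeclared); }
        let held = self.exclusive.contains_key(res) || self.shared.get(res).map_or(false, |h| !h.is_empty());
        if held { return Err(Denied::InUse(res)); }
        self.exclusive.insert(res, applet);
        Ok(())
    }

    /// Shared access: declared in the manifest and no applet holds the resource exclusively.
    pub fn acquire_shared(&mut self, applet: &'static str, res: &'static str) -> Result<(), Denied> {
        if !self.declared(applet)?.contains(&Capability::Shared(res)) { return Err(Denied::NotDeclared); }
        if self.exclusive.contains_key(res) { return Err(Denied::InUse(res)); }
        self.shared.entry(res).or_default().insert(applet);
        Ok(())
    }

    /// Dynamic pool allocation: the capability fixes the quota, the scheduler picks the slot.
    pub fn allocate(&mut self, applet: &'static str, kind: &'static str) -> Result<usize, Denied> {
        let max = self.declared(applet)?.iter().find_map(|c| match c {
            Capability::Pool { kind: k, max } if *k == kind => Some(*max),
            _ => None,
        }).ok_or(Denied::NotDeclared)?;
        let mine = self.allocated.entry((applet, kind)).or_default();
        if mine.len() >= max { return Err(Denied::QuotaExhausted { kind, max }); }
        let slot = self.free_slots.get_mut(kind).and_then(|f| f.pop()).ok_or(Denied::PoolEmpty(kind))?;
        mine.push(slot);
        Ok(slot)
    }

    /// End of an applet's execution: every grant is revoked and pool slots return to the pool.
    pub fn release_all(&mut self, applet: &'static str) {
        self.exclusive.retain(|_, holder| *holder != applet);
        for holders in self.shared.values_mut() { holders.remove(applet); }
        let keys: Vec<_> = self.allocated.keys().filter(|(a, _)| *a == applet).cloned().collect();
        for key in keys {
            let slots = self.allocated.remove(&key).unwrap_or_default();
            self.free_slots.entry(key.1).or_default().extend(slots);
        }
    }
}
```

The split between a static declaration (what the signer vouched for) and a run-time grant (what the scheduler actually hands out) is what lets the pool case work: the manifest never names a specific timer, only a quota, so the same applet can legitimately receive timer 0 on one execution and timer 2 on the next.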