Sandboxed Support

[tresf]

QZ Tray currently cannot operate in a sandboxed environment. Sandboxed environments may be caused by the following:

• SELinux security settings
• MacOS Sandboxed Entitlements
• Comodo AV Application Containment

Sandboxes pose a challenge to several operations:

• Extracted native libraries (JNA, HID4Java, JSSC)
• Shell execution (command line tools)
• Modifying system settings (certificate installation)
• Modifying 3rd party application settings (browser policies)
• Local file access (File IO features)
• Reading and writing to local sockets (possible through entitlements, but can still be blocked)

This bug report aims to identify the tasks needed to properly support sandboxing.

• [x] Load JNA from disk instead of extracting it at runtime. See also JNA mailing list
• [x] Load JSSC from disk instead of extracting it at runtime.
• [x] Load HID4Java from disk instead of extracting it at runtime.
• [ ] Limit or remove any calls to Shell execute
• [x] Fix JDK CUPS communication to stop using local sockets: https://bugs.openjdk.java.net/browse/JDK-8181571
• [ ] Fix QZ Tray installation in Comodo AV Container
• [ ] Document limitations and handle exceptions imposed by sandboxed operation

Related #770 #782