LadybirdBrowser/ladybird

Meta: Investigate Seccomp profiles on Linux

ADKaster opened this issue · 0 comments

We should look into how other browsers implement seccomp and other syscall-sandboxing measures for their different process classes.

We should be able to abstract this in a way that's similar to how SerenityOS/OpenBSD's pledge works, to not go crazy with massive syscall list files.

Ideally we would be able to sandbox the WebContent/WebWorker, RequestServer, ImageDecoder, and any future GPU process in a way that limits their privileges. Locking down at least the ability to create new IPC sockets and requiring those to come from the UI process would be a good first step.

We should also look into similar features for other operating systems.