WebContent: Start work on browser process separation :^)

The "WebContent" service provides a very restricted instance of LibWeb
running as an unprivileged user account. This will be used to implement
process separation in Browser, among other things.

This first cut of the service only spawns a single WebContent process
when someone connects to /tmp/portal/webcontent. We will soon switch
this over to spawning a new process for each connection.

Since this feature is very immature, we'll be bringing it up inside of
Demos/WebView as a separate demo program. Eventually this will become
a reusable widget that anyone can embed and easily get out-of-process
web content in their GUI.

This is pretty, pretty cool! :^)

Base/etc/SystemServer.ini

@@ -7,6 +7,13 @@ KeepAlive=1
 User=protocol
 BootModes=text,graphical
 
+[WebContent]
+Socket=/tmp/portal/webcontent
+SocketPermissions=660
+Lazy=1
+User=webcontent
+BootModes=graphical
+
 [LookupServer]
 Socket=/tmp/portal/lookup
 SocketPermissions=660

Base/etc/group

@@ -4,8 +4,9 @@ tty:x:2:
 phys:x:3:window,anon
 audio:x:4:anon
 lookup:x:10:protocol,anon
-protocol:x:11:anon
+protocol:x:11:webcontent,anon
 notify:x:12:anon
 window:x:13:anon,notify
 clipboard:x:14:anon,notify
+webcontent:x:15:anon
 users:x:100:anon

Base/etc/passwd

@@ -4,5 +4,6 @@ protocol:x:11:11:ProtocolServer,,,:/:/bin/false
 notify:x:12:12:NotificationServer,,,:/:/bin/false
 window:x:13:13:WindowServer,,,:/:/bin/false
 clipboard:x:14:14:Clipboard,,,:/:/bin/false
+webcontent:x:15:15:WebContent,,,:/:/bin/false
 anon:x:100:100:Anonymous,,,:/home/anon:/bin/sh
 nona:x:200:200:Nona,,,:/home/nona:/bin/sh