Restrict and document actual required permissions

[jsejcksn]

Documentation and code in this repo use deno run -A (--allow-all). This:

• disable's Deno's runtime security sandbox
• is opaque and counter to a zero-trust model (upon which that sandbox is based)

I understand that some tasks in Fresh are completed using CLI calls to deno, and therefore currently require --allow-run (which is essentially the same as --allow-all because it allows for privilege escalation), but I'm not sure if they have to if some changes are made. The usages I see in a precursory search are:

• to format the generated manifest file during init
  • instead, this can be accomplished using a formatting function in the module graph
• to run esbuild (1, 2) in a code path without wasm
  • instead, this can be accomplished by using the wasm path only

Apart from those, the other required permissions should be clearly documented so that users can run fresh with minimal and predefined permission grants instead of disabling the security sandbox entirely.

[lucacasonato]

I'd accept a PR from someone willing to address this.