Although SES is vulnerable to all code that runs before it, and possibly some vetted shims that run after it initializes but before lockdown, SES attempts to protect itself from poisoned intrinsics by capturing original constructors, prototypes, and uncurried methods in commons.js. We should have a lint rule specifically for the SES repository to encourage use of the exports of commons.js over reaching for these possibly poisoned globals.
One possible solution is to add lint rules that disallow polymorphic method calls / dynamic dispatch vigorously, then make more use of uncurryThis.
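As an added example (not code from the original issue or from the endo/SES repository), the following JavaScript shows the hazard the issue describes and the mitigation it proposes. It captures `Array.prototype.push` and `Array.prototype.join` as uncurried functions at initialization time, then has hypothetical host code replace those prototype methods, and compares a helper that uses dynamic dispatch (`out.push(...)`, `out.join(...)`) with one that calls the captured functions. `uncurryThis`, `arrayPush`, `arrayJoin`, `poisonArrayPrototype`, `restoreArrayPrototype` and `demo` are names chosen here as simplified stand-ins for the commons.js pattern, not its real exports, and the attacker code is a constructed simulation.

```javascript
// Added example, not code from the SES/endo repository. It demonstrates the
// pattern the issue describes: capture intrinsics and uncurried methods at
// initialization, then call those instead of dispatching through the (possibly
// poisoned) prototype chain. `uncurryThis`, `arrayPush` and `arrayJoin` are
// simplified stand-ins for the idea behind commons.js, not its real exports.

// --- Step 1: capture originals before any untrusted host code runs ----------
const { apply } = Reflect;
const { defineProperty, getOwnPropertyDescriptor } = Object;

// uncurryThis(fn)(thisArg, ...args) behaves like fn.call(thisArg, ...args), but
// it never looks up `call` or `apply` on fn, so a poisoned
// Function.prototype.call cannot intercept it either.
const uncurryThis = (fn) => (thisArg, ...args) => apply(fn, thisArg, args);

const arrayPush = uncurryThis(Array.prototype.push);
const arrayJoin = uncurryThis(Array.prototype.join);
const pushDesc = getOwnPropertyDescriptor(Array.prototype, 'push');
const joinDesc = getOwnPropertyDescriptor(Array.prototype, 'join');

// --- Two implementations of the same helper --------------------------------
// Dynamic dispatch: `out.push` and `out.join` are looked up on the receiver at
// call time, so they resolve to whatever currently sits on Array.prototype.
function joinViaDynamicDispatch(parts) {
  const out = [];
  for (let i = 0; i < parts.length; i += 1) out.push(parts[i]);
  return out.join(',');
}

// Captured intrinsics: the same work, but through the functions captured above.
// The index loop is deliberate: `for (const p of parts)` would dispatch through
// Array.prototype[Symbol.iterator], which is another poisonable intrinsic.
function joinViaCapturedIntrinsics(parts) {
  const out = [];
  for (let i = 0; i < parts.length; i += 1) arrayPush(out, parts[i]);
  return arrayJoin(out, ',');
}

// --- Step 2: simulate host code in the start compartment that poisons -------
// Array.prototype after initialization but before lockdown (hypothetical
// attacker code). Every item pushed through the poisoned method is copied into
// `leaked`, and the poisoned join tampers with its result.
const leaked = [];
function poisonArrayPrototype() {
  defineProperty(Array.prototype, 'push', {
    ...pushDesc,
    value(...items) {
      apply(pushDesc.value, leaked, items); // exfiltrate a copy
      return apply(pushDesc.value, this, items);
    },
  });
  defineProperty(Array.prototype, 'join', {
    ...joinDesc,
    value(sep) {
      return `${apply(joinDesc.value, this, [sep])} (tampered)`;
    },
  });
}

function restoreArrayPrototype() {
  defineProperty(Array.prototype, 'push', pushDesc);
  defineProperty(Array.prototype, 'join', joinDesc);
  leaked.length = 0;
}

// --- Demo ------------------------------------------------------------------
// Returns the results of both helpers before and after poisoning, plus how
// many items the poisoned push managed to exfiltrate at each point.
function demo() {
  const parts = ['alpha', 'beta']; // constructed sample input
  const before = {
    dynamic: joinViaDynamicDispatch(parts),
    captured: joinViaCapturedIntrinsics(parts),
  };
  poisonArrayPrototype();
  const after = {
    dynamic: joinViaDynamicDispatch(parts),
    leakedAfterDynamic: leaked.length,
    captured: joinViaCapturedIntrinsics(parts),
    leakedAfterCaptured: leaked.length,
  };
  restoreArrayPrototype();
  return { before, after };
}

console.log(JSON.stringify(demo(), null, 2));
```

After poisoning, the dynamically dispatched helper returns `alpha,beta (tampered)` and leaks both items, while the helper built on captured intrinsics still returns `alpha,beta` and leaks nothing. A lint rule of the kind the issue asks for would flag `out.push(...)` and `out.join(',')` in the first helper and steer the author toward the captured `arrayPush` / `arrayJoin` form; note that `for...of`, spread of iterables, and template-literal `toString` calls are further dynamic-dispatch points such a rule would need to consider.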
kriskowal changed the title from "Add lint rules to protect against poisoned intrinsics in SES" to "Host code in start compartment can corrupt SES between initialization and lockdown" on Aug 13, 2021