Run modules with Node.js new permissions model

[Julusian]

Is this a feature relevant to companion itself, and not a module?

• I believe this to be a feature for companion, not a module

Is there an existing issue for this?

• I have searched the existing issues

Describe the feature

Node 22.13 promotes the permissions model to stable https://nodejs.org/api/permissions.html meaning that we could utilise this.

Primarily this would allow us to give users assurances that modules they install can or cannot mess with random files on their system.

The module could define in the manifest what permissions they need, which companion can then setup when launching them, and also use for the ui.
We should make the manifest granular in permissions, but in the ui, we may want to simplify it.

Will this be too noisy? bmd-atem uses a worker-thread, so will be flagged by this

To minimise impact to modules, we should start by enabling this only for a new version of the module-base. After a couple of companion releases we could consider either enabling it for all modules using the older lib, or raise the minimum module-base version that we support.

Usecases

Primarily this would allow us to inform users which modules they install can or cannot mess/read random files on their system.

When installing/activating a module, we could indicate the level of permissions that the module requires, as part of a safety warning.