System overrides
================

It should be possible to create limited arenas (with allowlisting):

    func main(arena System system) -> ExitStatus {
        arena System limited = .some_limited_arena(system)
        ...
        do_stuff(limited)
        ...
        return .success
    }

But it might be necessary to add system functionality (and maybe even
outside of the runtime itself?). This could be done like this:

* Unique identifiers for each "system functionality". (This needs language
  support, but can be useful in other cases also.)

      data uniqueid our_id = .init()

  - But how to initialize this?
  - Can it be done without initializers?
  - Can it be done without hacks in the dynamic loader?
  - Function addresses are unique (within a process), but also large (used
    as a key, they would require a hashmap rather than an array).
  - The runtime could have a function for translating a local code pointer
    (not necessarily a function pointer) plus a module-internally unique ID
    into a process-wide unique ID.

* Some kind of "sub-arena builder" functionality, where such identifiers can
  be passed in (along with more information, e.g. about what should be
  allowed and what not).

  - Maybe the "builder methods" should go into each module that implements
    additional "system functionality".

    func main(arena System system) -> ExitStatus {
        var TmpFs home = .new(arena)
        home.mkdir("user")
        arena System limited = .subarena(
            .allow_fs_tree("/etc")
            .divert_fs_root("/home", home.as_filesystem())
            # example of custom "system functionality":
            .allow_pkcs11("/usr/lib/somemodule.so", "sometoken", .sign)
        )
        ...
    }
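The following is an added sketch in Python of how such a sub-arena builder could behave; it is not code from this note or from any runtime, and the names MemFs, FuncIdRegistry, System, SubarenaBuilder, allow_functionality and the pkcs11 stand-in are assumptions chosen for illustration. It shows the two properties the design above depends on: a sub-arena can only narrow the authority of its parent (every allowlist and functionality grant is checked against the parent, and parent diversions are inherited so a child cannot "un-divert" a tree), and path allowlisting normalizes paths before any prefix check so that ".." cannot escape an allowed tree. The registry that maps (module, module-local id) to a small process-wide integer stands in for the translation function the note proposes.

```python
import posixpath

class PermissionDenied(Exception):
    pass

def norm(path):
    # Collapse "." and ".." before any prefix check, so "/etc/../var/x" cannot escape "/etc".
    # lstrip keeps posixpath.normpath from preserving a leading "//".
    return posixpath.normpath("/" + path.lstrip("/"))

def under(path, prefix):
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")

class MemFs:  # toy in-memory filesystem standing in for the note's TmpFs (assumption)
    def __init__(self):
        self.files = {}
    def write(self, path, data):
        self.files[norm(path)] = data
    def read(self, path):
        if norm(path) not in self.files:
            raise FileNotFoundError(path)
        return self.files[norm(path)]

class FuncIdRegistry:  # (module, module-local id) -> small process-wide int, usable as an array index
    def __init__(self):
        self._ids = {}
    def register(self, module, local_id):
        return self._ids.setdefault((module, local_id), len(self._ids))

REGISTRY = FuncIdRegistry()

class System:  # host capability; allowed/funcs == None means unrestricted (root arena only)
    def __init__(self, root_fs, allowed=None, diverts=None, funcs=None):
        self.root_fs = root_fs
        self.allowed = allowed           # allowed path prefixes, or None
        self.diverts = diverts or {}     # path prefix -> substitute filesystem
        self.funcs = funcs               # {func_id: set(ops)}, or None
    def read(self, path):
        path = norm(path)
        for prefix in sorted(self.diverts, key=len, reverse=True):  # longest prefix wins
            if under(path, prefix):
                return self.diverts[prefix].read("/" + path[len(prefix):].lstrip("/"))
        if self.allowed is not None and not any(under(path, p) for p in self.allowed):
            raise PermissionDenied(path)
        return self.root_fs.read(path)
    def invoke(self, func_id, op):
        if self.funcs is not None and op not in self.funcs.get(func_id, ()):
            raise PermissionDenied((func_id, op))
        return (func_id, op)             # a real runtime would dispatch to the module here
    def subarena(self):
        return SubarenaBuilder(self)

class SubarenaBuilder:  # every grant is checked against the parent: authority can only shrink
    def __init__(self, parent):
        self.parent = parent
        self.allowed, self.diverts, self.funcs = [], {}, {}
    def allow_fs_tree(self, prefix):
        prefix = norm(prefix)
        if self.parent.allowed is not None and not any(under(prefix, p) for p in self.parent.allowed):
            raise PermissionDenied(prefix)
        self.allowed.append(prefix)
        return self
    def divert_fs_root(self, prefix, fs):
        self.diverts[norm(prefix)] = fs  # exposes nothing from the real tree, so no parent check
        return self
    def allow_functionality(self, func_id, ops):
        ops = set(ops)
        if self.parent.funcs is not None and not ops <= self.parent.funcs.get(func_id, set()):
            raise PermissionDenied((func_id, ops))
        self.funcs[func_id] = ops
        return self
    def build(self):
        # Parent diversions are inherited, so a child that allows "/home" cannot un-divert it.
        return System(self.parent.root_fs, self.allowed,
                      {**self.parent.diverts, **self.diverts}, self.funcs)

def failure(thunk):
    # Returns the name of the exception a call raises, or None when it succeeds.
    try:
        thunk()
    except (PermissionDenied, FileNotFoundError) as exc:
        return type(exc).__name__
    return None

def demo():
    # Constructed sample data; the pkcs11 functionality id is a hypothetical stand-in.
    root = MemFs()
    root.write("/etc/hosts", "127.0.0.1 localhost")
    root.write("/var/secret", "do not leak")
    root.write("/home/user/real", "real home dir")
    home = MemFs()
    home.write("/user/notes", "from tmpfs")
    pkcs11_sign = REGISTRY.register("/usr/lib/somemodule.so", "sometoken")
    system = System(root)
    limited = (system.subarena()
               .allow_fs_tree("/etc")
               .divert_fs_root("/home", home)
               .allow_functionality(pkcs11_sign, {"sign"})
               .build())
    return system, limited, pkcs11_sign

if __name__ == "__main__":
    _, limited, fid = demo()
    print(limited.read("/etc/hosts"), limited.read("/home/user/notes"), limited.invoke(fid, "sign"))
    print(failure(lambda: limited.read("/etc/../var/secret")), failure(lambda: limited.invoke(fid, "decrypt")))
```

The root arena is the only one constructed with unrestricted authority; every sub-arena starts from an empty allowlist and an empty functionality table and has to be granted each tree or operation explicitly, which is the deny-by-default shape a "limited arena" needs. Whether a diversion should require any parent permission at all is a design question the note leaves open; here it does not, because a diverted subtree never reaches the real filesystem.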