Restricted SCL environment
Currently several Simantics-based applications use SCL scripts for customization.
Unfortunately, this is unsafe, because we have no means to restrict the functions that users can call from a script: any script may bind arbitrary Java methods with importJava. Here is an example from a certain product, written as a customizable transformation rule:
    import "nn/Proteus/ExtractionRulesUtils/Common"

    importJava "java.lang.System" where
        exit :: Integer -> <Proc> ()

    propertyRule :: PropertyRule
    propertyRule = extract do
        exit(-100)
Executing the above rule as part of a model transformation calls System.exit, which terminates the whole JVM and with it the Simantics DB instance (a denial-of-service attack). Any other public static Java method is reachable the same way.
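As an added example (not Simantics code), the following Python scanner shows the minimal deny-by-default check a practitioner would want before such a rule is ever evaluated: every `importJava` class and every `import`-ed SCL module in a script must appear on an allowlist, otherwise the script is rejected. The allowlists, the `Finding` type and the sample rules are assumptions constructed for this example; the malicious sample is the page's own rule, and the benign sample only binds `java.lang.Math`.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the rule from the page, one declaration per line.
MALICIOUS_RULE = '''\
import "nn/Proteus/ExtractionRulesUtils/Common"

importJava "java.lang.System" where
    exit :: Integer -> <Proc> ()

propertyRule :: PropertyRule
propertyRule = extract do
    exit(-100)
'''

# Constructed benign rule: same module import, but only a harmless Java binding.
BENIGN_RULE = '''\
import "nn/Proteus/ExtractionRulesUtils/Common"

importJava "java.lang.Math" where
    abs :: Double -> Double

propertyRule :: PropertyRule
propertyRule = extract do
    abs(-100.0)
'''

# Hypothetical allowlists; a real deployment would derive these from the
# product's reviewed API surface. java.lang.System is deliberately absent.
JAVA_CLASS_ALLOWLIST = {"java.lang.Math", "java.lang.String"}
SCL_MODULE_ALLOWLIST = {"Prelude", "nn/Proteus/ExtractionRulesUtils/Common"}

# Assumes declarations start a line, as in the page's example.
IMPORT_JAVA_RE = re.compile(r'^\s*importJava\s+"([^"]+)"')
IMPORT_RE = re.compile(r'^\s*import\s+"([^"]+)"')


@dataclass(frozen=True)
class Finding:
    line: int      # 1-based line number in the script
    kind: str      # "importJava" or "import"
    detail: str    # the class or module that is not allowlisted


def scan_script(source, java_allowlist=JAVA_CLASS_ALLOWLIST,
                module_allowlist=SCL_MODULE_ALLOWLIST):
    """Return one Finding per import that is not on the relevant allowlist."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        m = IMPORT_JAVA_RE.match(line)
        if m:
            if m.group(1) not in java_allowlist:
                findings.append(Finding(lineno, "importJava", m.group(1)))
            continue
        m = IMPORT_RE.match(line)
        if m and m.group(1) not in module_allowlist:
            findings.append(Finding(lineno, "import", m.group(1)))
    return findings


def is_allowed(source, **kw):
    """Deny by default: a script is accepted only if the scan is clean."""
    return not scan_script(source, **kw)


if __name__ == "__main__":
    for name, rule in (("malicious", MALICIOUS_RULE), ("benign", BENIGN_RULE)):
        print(name, "allowed" if is_allowed(rule) else scan_script(rule))
```

The check denies the whole class rather than individual bindings, so a script cannot smuggle `System.exit` under another name in the `where` block. It is a stopgap, not the restricted environment the heading asks for: an allowlisted SCL module such as `nn/Proteus/ExtractionRulesUtils/Common` may itself re-export Java functions, so the real fix has to be enforced where the SCL runtime resolves modules and Java imports, not by scanning script text.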