isolate action code

[shazron]

Right now all action code that is run, has access to the host's node environment -- which is the developer's machine.
This includes the filesystem, running processes, etc. This will not be representative of a true serverless system which we are simulating.

Explore code isolation via the node vm module: https://nodejs.org/docs/latest-v18.x/api/vm.html
Take note that if the code to run uses require we will need to pass in the require loader, which may or may not be secure. In general this should not be a problem since we webpack the code.

Related:

1. Setting a breakpoint in code, that is run in the vm module node-inspector/node-inspector#284
2. https://www.rocket.chat/blog/node-js-vm
3. https://github.com/laverdet/isolated-vm
4. https://github.com/Richienb/node-polyfill-webpack-plugin (note fs is not in there, since browsers do have this now, but we can easily add the fs fallback in)
5. https://blog.logrocket.com/how-to-protect-your-node-js-applications-from-malicious-dependencies-5f2e60ea08f9/
6. https://github.com/tschaub/mock-fs

[aiojbot]

JIRA issue created: https://jira.corp.adobe.com/browse/ACNA-2980

[shazron]

alternative: https://code.visualstudio.com/docs/containers/debug-node

[shazron]

See #110 (comment)