Commit Briefs
add landlock support on linux
landlock is applied only to the ui process to drop fs access and in the fs process to limit where telescope can read/write files. The network process is more difficult to landlock because while in theory it doesn't need *any* fs access, in practice it needs to read (at least) files inside /etc/ for DNS to work.
move the CONFIGURATION FILE section above default keys
It's clearer to specify first the configuration file before dumping all the keys and available functions.
tweak the documentation wrt XDG and ~/.telescope
Point out that *by default* telescope uses XDG-style directories, but if ~/.telescope exists XDG is ignored. While here also use a shorter URL for the XDG spec and add it to the STANDARDS section of the manpage.
move declarations from telescope.h in fs.h
and while there also publish various path. It's easier and better to have all of them exported from here instead of hardcoding them in other files (such as sandbox.c)
dirname fix
dirname(3) is really one of the worst part of POSIX, portability-wise. Implementors can decide to either modify the passed string or return a pointer to an internal storage. The current code fails when dirname returns a pointer to an internal storage because between the strcmp call and the mkdir we go into a recursion that can modify `path'. We can't use copy either because *some* implementation of dirname would have changed that. How to escape from this hell? Take yet another copy of the path!
support xdg basedir
Use XDG-compliant paths unless ~/.telescope already exists. Provide a script to migrate to XDG-style directory for users who wish to do so.
delete old (and wrong) comment
it's been a while since we're using a lockfile to protect against multiple telescope instances.