don't include linux/prctl.h can conflict with sys/prctl.h, spotted while trying to build on alpine linux.

merge the fs into the ui process The previous separation between the fs and ui process wasn't that good. The idea was to have a `ui' process tightly sandboxed, but it was a lie actually. `ui' was one imsg away from making internet connections and accessing data on the disk, so it wasn't really limited in (almost) any way. Furthermore, having to serialize data to/from the fs proc started to become not really maneagable. As a first step to fix this situation, join the fs and ui process.

remote open: open an url into telescope from outside of it if telescope is started with an url while there is already another instance of it running and the -S flag is not provided, the link will be automagically opened into the running instance of telescope. Telescope now listens on a UNIX domain socket in ~/.telescope/ctl (or ~/.cache/telescope/ctl if XDG is used) for commands.

fix landlock usage cf. gmid 1.8.1 and recent changes in game of trees. This doesn't warrant an immediate release since every action is limited to /tmp, ~/Downloads and {config,data,cache}_home.

don't fail if landlock is not available at runtime

add comment on why don't landlock the net process

fmt

missing include

don't fail if ~/Downloads doesn't exist

forgot to log the path for a unveil error code path

add landlock support on linux landlock is applied only to the ui process to drop fs access and in the fs process to limit where telescope can read/write files. The network process is more difficult to landlock because while in theory it doesn't need *any* fs access, in practice it needs to read (at least) files inside /etc/ for DNS to work.

improve unveil' error reporting

fix sandbox wrt XDG-style directories

[openbsd] allow creation of files in ~/Downloads

(process) network -> net rename