Special permissions for FunctionBlocks

[Patagonicus]

Some FunctionBlocks may need more permissions than we allow by default. I think the best way to address this is to annotate the FunctionBlocks somehow (although Java annotations may be annoying, as BCEL doesn't really work with them). Then when deploying we could show the user a list of permissions that are needed per FunctionBlock/Module and (s)he can decide if those should be allowed or not. Kind of like the Android permissions system.

[Patagonicus]

Just as a note to how to implement this on the Module: ApplicationSecurityManager could get an additional PolicyRule that checks if the permission is requested from a FunctionBlock (and inside update, shutdown or init) and then check if the block being executed has received that additional permission. I think it'd be easiest to set those extra permissions in a ThreadLocal variable just before calling the FunctionBlockSecurityDecorator and unsetting the variable afterwards.