A few options aren't documented in the manpages. This commit adds
documentation for them based on the --help output and relevant commit
messages. Some of it could probably use more elaboration.
For a few commands the options aren't fully documented. This commit
makes the manpage documentation (almost) match the options shown
when you run "<command> --help" on the command line.
I don't think it makes sense to have to enable this for everything.
It should be safe in the sense that you can't ever do more than
the user can do anyway, and there is no way to use this to communicate
with the rest of the system because you can't read from it.
The worst this could ever cause is to overload the system, but the
sandbox doesn't protect against that in any other way anyway.
This gives the application full access to the host /dev. Obviously
this is not great in terms of sandboxing, but its nice for applications
that use flatpak mostly as a way to do distribution of the app.
Also, its not like the app has full access to anything, its still
limited to the access right of the user.