Add Lua as an extension language to firejail

[kmk3]

(Note: This is kind of a continuation from
#4386 (comment))

For making (at least new) parts of firejail safer (and to make prototyping
easier), if using another language is really the way to go, then using a helper
language that was designed to be one would probably be helpful.

The most obvious candidate to me would be Lua, which was essentially
designed not only to be an extension language to C (and the reverse as
well), but also to be small and easy to embed in the main application.

These would be the main advantages:

Language:

• Syntax: The code generally looks simple and the syntax is not too different
  from C
• Build time (development): Interpreted, so there should be instant feedback
  during development (though not sure about when using the FFI)
• Memory safety: Garbage-collected, so it should be safe in this regard (see
  also Nelua for optional static typing)
• Integration with C: Calling C code from Lua and vice-versa should be trivial.
  Also, a Lua script can be executed from C code like any other program.

The one thing that I'm not really sure of is the default performance in
general. But I don't think that the performance would be affected by a lot for
doing things like a small Unix socket client/server or parsing profiles. If it
actually is a problem, it looks like it would be viable to compile Lua code
with luac, or to use LuaJIT.

Ecosystem:

• Portability: As portable as it gets (C89, trivial/POSIX makefiles)
• Build time (bootstrapping): It takes under 10 seconds on this machine (which
  is not particularly powerful or anything) to build Lua 5.4.4 with make -j 4
  (and less than 20 seconds with make -j 1)
• Size: On Arch/Artix Linux, pacman reports the install size of the "lua"
  package as ~1250 KiB (and of the "luajit" package as ~820 KiB)
• Packaging: Libraries can be easily packaged AFAIK, and Arch seems to have
  quite a few language-specific packages available:

$ pacman -Q lua luajit
lua 5.4.4-2
luajit 2.1.0.beta3.r449.gdad04f17-1
$ pacman -Ssq lua | sort -u | grep '^lua-' | wc -l
52

Examples of programs using either Lua or LuaJIT:

• General tools: arcan, cgit, gnuplot, lighttpd, mpv, neovim, wireplumber
• Gaming: World of Warcraft, Garry's Mod, Minecraft, Fortnite, Love2D engine

Note: Most of the tools listed are based on the packages that have a hard
dependency on either the "lua" or "luajit" package on Arch Linux. This was
sourced from the output of pacman -Sii extra/lua community/luajit.

Note2: I'm just listing the more known games and gaming-related programs off
the top of my head; there's too many to list.

Relates to #4386.

[amano-kenji]

Does firejail have any use for a script language?

[topimiettinen]

Perhaps hard coded user friendliness features (for example X11 or pulseaudio handling) could be replaced with scripts, so the C code would only contain generic features. That way the features could be perhaps changed without modifying the Firejail executable.

I'd prefer Python as the extension language because of its popularity (and I know a bit Python but not Lua).

[rusty-snake]

Rust: System language
Lua: Scripting language

So Lua will have a different target and use case. Which use case to you think about? Sandbox setup has a heavy use of OS APIs so you need a system language. And turing complete profiles are a bad idea.