adb9ba0744
See the previous commit, about content sandbox level 6, for details; this is basically the same (except with one more ioctl allowlisted, and controlled by a different pref). This patch also adds some plumbing to get the socket sandbox level into the code that constructs the policy, modeled on how it works for content processes. (Previously the only levels of the socket process sandbox were "on" and "off" so that wasn't necessary until now.) Differential Revision: https://phabricator.services.mozilla.com/D249018