Tristan/isolate shell
This replaces !265 (closed) with the same, rebased patch, and adds another patch which makes sandbox isolation optional for bst shell invocations.
This replaces !265 (closed) with the same, rebased patch, and adds another patch which makes sandbox isolation optional for bst shell invocations.