Implementing a safe mode

Currently, arara aims to be as powerful and flexible as possible. We intend to add a safe mode, so:

• arara does not run certain commands, e.g. does not arbitrarily execute system commands.
• arara does not expose the full JVM standard library (using fully qualified names).
• arara only operates on the working directory.
• arara might get accepted by Overleaf.

In unsafe mode (default), we would like to keep the current behavior. Additionally, the following features should be added for more flexibility:

• Specify output file for the log. Currently, the file is aggressively normalized and resolved against the working directory.
• Allow compiling elsewhere (copy the working directory elsewhere to compile, useful, e.g. to work on a RAM disk).