feat: add implementation of options to reduce attack surface

[philclifford]

Description

adds '--paranoid' option (also triggered by setting QUICKEMU_PARANOID in the environment ). Also individual config file toggles are available for :

• usb_redir="false"
• usb_ccid="false"
• folder_sharing="false"
• ssh_fwd="false"

These default to "true" to retain the current behaviour. All are set to "false" by the environment variable or --paranoid option on the command line.

• Closes feat: toggles to reduce attack surface #1722
• Fixes fix: restore rockylinux dynamic releases #1735 (so that documentation changes are consistent)

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Documentation (updates the documentation)

Checklist:

• I have performed a self-review of my code
• I have tested my code in common scenarios and confirmed there are no regressions
• I have added comments to my code, particularly in hard-to-understand sections
• I have made corresponding changes to the documentation

[alexhaydock]

Looking a bit deeper into this one, it's mostly working as expected, but I think it might be adding some stray config for the file sharing into the bash start-scripts.

I can see the paranoid skip has been added to some of the file sharing setup here:
https://github.com/philclifford/quickemu/blob/35293ec7b8cce859df087d48e40c753c383a7aad/quickemu#L1214-L1219

But I think this section here might need it too, otherwise some of the options still end up in the .sh script:
https://github.com/philclifford/quickemu/blob/35293ec7b8cce859df087d48e40c753c383a7aad/quickemu#L1485-L1489

[philclifford]

Good catch - thanks. I'll try and tweak that bit too when I'm awake.

[philclifford]

OK @alexhaydock I think I've done the necessary, could you take another look please.