preferably sandboxedsandboxed how? I think it'd be neat to have finer grained control within the program of what gets what, but it seems like wasm is the best way to do that without a language that supports ocaps without an escape hatch
image-rs apparently supports that well though