pub fn content_process_sandbox_profile() -> Profile
Our content process sandbox profile on Linux, kept as restrictive as possible.