Document sandbox permissions

[danirabbit]

Problem

In the packaging section the only place we mention sandbox permissions is inline in the sample manifest. This isn't a very clear or comprehensive description of sandboxing and developers don't seem to necessarily understand that their app is sandboxed and doesn't have permission to access the filesystem etc

Proposal

We should explicitly mention the fact that Flatpak apps are sandboxed and link to https://docs.flatpak.org/en/latest/sandbox-permissions.html

It's probably also worth mentioning that AppCenter will warn when sandbox holes have been poked and remind developers to look for portals before trying to poke sandbox holes

Prior Art (Optional)

No response