
lib,permission: add permission.drop #62672

Open
RafaelGSS wants to merge 4 commits into nodejs:main from RafaelGSS:add-permission-drop


@RafaelGSS
Member

Refs: #62223

@RafaelGSS RafaelGSS requested a review from mcollina April 10, 2026 14:46
@RafaelGSS RafaelGSS added semver-minor PRs that contain new features and should be released in the next minor version. notable-change PRs with changes that should be highlighted in changelogs. permission Issues and PRs related to the Permission Model labels Apr 10, 2026
@nodejs-github-bot
Collaborator

Review requested:

  • @nodejs/security-wg

@github-actions
Contributor

The notable-change PRs with changes that should be highlighted in changelogs. label has been added by @RafaelGSS.

Please suggest a text for the release notes if you'd like to include a more detailed summary, then proceed to update the PR description with the text or a link to the notable change suggested text comment. Otherwise, the commit will be placed in the Other Notable Changes section.

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. labels Apr 10, 2026
@codecov

codecov Bot commented Apr 10, 2026

Codecov Report

❌ Patch coverage is 68.32298% with 51 lines in your changes missing coverage. Please review.
✅ Project coverage is 89.64%. Comparing base (31da818) to head (db19643).
⚠️ Report is 4 commits behind head on main.

Files with missing lines Patch % Lines
src/permission/fs_permission.cc 71.62% 17 Missing and 4 partials ⚠️
lib/internal/process/permission.js 16.66% 10 Missing ⚠️
src/permission/permission.cc 84.61% 0 Missing and 8 partials ⚠️
src/permission/addon_permission.cc 0.00% 3 Missing ⚠️
src/permission/ffi_permission.cc 0.00% 3 Missing ⚠️
src/permission/inspector_permission.cc 0.00% 3 Missing ⚠️
src/permission/wasi_permission.cc 0.00% 3 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main   #62672      +/-   ##
==========================================
- Coverage   89.64%   89.64%   -0.01%     
==========================================
  Files         708      708              
  Lines      220399   220562     +163     
  Branches    42267    42303      +36     
==========================================
+ Hits       197577   197718     +141     
- Misses      14667    14700      +33     
+ Partials     8155     8144      -11     
Files with missing lines Coverage Δ
lib/internal/process/pre_execution.js 98.38% <100.00%> (+<0.01%) ⬆️
src/permission/child_process_permission.cc 100.00% <100.00%> (ø)
src/permission/ffi_permission.h 100.00% <ø> (ø)
src/permission/fs_permission.h 90.00% <ø> (ø)
src/permission/net_permission.cc 100.00% <100.00%> (ø)
src/permission/net_permission.h 100.00% <ø> (ø)
src/permission/permission.h 100.00% <ø> (ø)
src/permission/worker_permission.cc 100.00% <100.00%> (ø)
src/permission/addon_permission.cc 62.50% <0.00%> (-37.50%) ⬇️
src/permission/ffi_permission.cc 50.00% <0.00%> (-30.00%) ⬇️
... and 5 more

... and 33 files with indirect coverage changes


Member

@mcollina mcollina left a comment


lgtm

@RafaelGSS RafaelGSS added the request-ci Add this label to start a Jenkins CI on a PR. label Apr 10, 2026
@github-actions github-actions Bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Apr 10, 2026

@absidue

absidue commented Apr 10, 2026

As mentioned in my comments on the linked issue, I feel like it should be explicitly documented that this only drops permissions and does not close currently open file handles, sockets, etc., that it is expected behaviour and is the app code's responsibility to close/release those if they are no longer required.
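
The behaviour described in the comment above, as an added toy model (not code from this PR or from Node.js): the grant is checked when a handle is acquired, so dropping it leaves an already-open descriptor usable until the application closes it. `PermissionGate` and its methods are hypothetical names, and the `ERR_ACCESS_DENIED` code only mimics the Permission Model's error.

```javascript
// Added illustration: a toy model with hypothetical names, not Node.js's Permission Model code.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

class PermissionGate {
  constructor(scopes) {
    this.scopes = new Set(scopes);
    this.openFds = new Set(); // descriptors acquired through this gate
  }
  // The grant is checked once, at the moment a handle is acquired.
  open(file) {
    if (!this.scopes.has('fs.read')) {
      throw Object.assign(new Error('Access denied: fs.read'), { code: 'ERR_ACCESS_DENIED' });
    }
    const fd = fs.openSync(file, 'r');
    this.openFds.add(fd);
    return fd;
  }
  // Dropping removes the grant only; descriptors already open are untouched.
  drop(scope) { this.scopes.delete(scope); }
  // Application-side pattern: release what is no longer needed, then drop.
  dropAndRelease(scope) {
    for (const fd of this.openFds) fs.closeSync(fd);
    this.openFds.clear();
    this.drop(scope);
  }
}

// Returns 'ok' if fn succeeds, otherwise the error code it threw.
const outcome = (fn) => { try { fn(); return 'ok'; } catch (err) { return err.code; } };

function scenario(releaseFirst) {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'drop-demo-'));
  const file = path.join(dir, 'sample.txt'); // constructed sample file
  fs.writeFileSync(file, 'constructed sample data');
  const gate = new PermissionGate(['fs.read']);
  const fd = gate.open(file);
  if (releaseFirst) gate.dropAndRelease('fs.read'); else gate.drop('fs.read');
  const result = {
    oldHandle: outcome(() => fs.readSync(fd, Buffer.alloc(8), 0, 8, 0)),
    newOpen: outcome(() => gate.open(file)),
  };
  if (!releaseFirst) fs.closeSync(fd);
  fs.rmSync(dir, { recursive: true, force: true });
  return result;
}

console.log({ dropOnly: scenario(false), releaseThenDrop: scenario(true) });
```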


@RafaelGSS RafaelGSS force-pushed the add-permission-drop branch from f36bd66 to 995de8e Compare April 29, 2026 16:58