* Harden theme objects, prevent certain properties from being passed through to ThemeData object

* Improve and properly scope Twig security policy

- Block methods that write, delete or modify records and attributes in Database/Eloquent and Halcyon models
- Block access to theme datasource
- Prevent extensions from being created or directly interacted with (models and properties provided to extended objects should still be OK)

Refs: https://github.com/wintercms/winter/commit/fb88e6fabde3b3278ce1844e581c87dcf7daee22#diff-347d3e6f6f84697f5be048027169529a5ed7e782fcf2dcf62dcdbf560a0a4f77