The /rw path in TemplateBasedVMs allows system config changes to be persisted across reboots. We don't use this feature for the workstation, and successful exploits could attempt to use it to anchor malicious system config changes. We should investigate whether it is possible to disable this feature entirely for the sd-app VM, and potentially other VMs as well that do not require it.
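As an added illustration of the persistence surface described above (this is not code from the SecureDrop Workstation project), a small audit that enumerates what an AppVM's `/rw` volume would re-apply at the next boot. It assumes the standard Qubes mechanisms: `/rw/config/rc.local` runs at VM start, `/rw/config/qubes-bind-dirs.d/*.conf` declares bind-dirs whose contents live under `/rw/bind-dirs`, and `/rw/usrlocal` is mounted as `/usr/local`; the root directory argument exists only so the script can be pointed at a test tree.

```shell
#!/bin/sh
# audit_rw_persistence [RW_ROOT]
# Lists the places under an AppVM's private /rw volume that Qubes honors at
# boot, so drift from an expected-empty state can be spotted. Assumed Qubes
# layout (not from the issue): config/rc.local, config/qubes-bind-dirs.d/,
# bind-dirs/, usrlocal/. RW_ROOT defaults to /rw.
audit_rw_persistence() {
    rw="${1:-/rw}"
    findings=0

    # 1. rc.local: arbitrary commands executed as root when the VM starts.
    if [ -s "$rw/config/rc.local" ]; then
        n=$(grep -cvE '^[[:space:]]*(#|$)' "$rw/config/rc.local")
        echo "rc.local: $n non-comment line(s)"
        findings=$((findings + 1))
    fi

    # 2. bind-dirs config: every declared path is overlaid from /rw/bind-dirs,
    #    i.e. a template file can be silently replaced. Format: binds+=( '/path' )
    for conf in "$rw"/config/qubes-bind-dirs.d/*.conf; do
        [ -f "$conf" ] || continue
        grep -o "binds+=( *'[^']*' *)" "$conf" \
            | sed "s/.*'\(.*\)'.*/\1/" \
            | while read -r path; do
                echo "bind-dir: $path (from ${conf#"$rw"/})"
            done
        findings=$((findings + 1))
    done

    # 3. Content already staged under bind-dirs/ or usrlocal/ (mounted on
    #    /usr/local), whether or not a config file currently references it.
    for d in bind-dirs usrlocal; do
        if [ -d "$rw/$d" ] && [ -n "$(ls -A "$rw/$d")" ]; then
            echo "non-empty: /rw/$d"
            findings=$((findings + 1))
        fi
    done

    echo "total: $findings"
}
```

Run it inside the AppVM (or from dom0 via `qvm-run`) and compare the output against the "total: 0" you expect from a VM that is not supposed to customize its template.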
eloquence changed the title from "Investigate disabling /rw customizability for sd-svs, other AppVMs" to "Investigate disabling /rw customizability for sd-app, other AppVMs" on Sep 11, 2020
Since we're now symlinking MIME types into the private volume per #605 towards template consolidation (#471), I'm guessing this is no longer plausible -- I'd motion to close this issue, and open a separate issue to consider the private volume hardening strategies described in the link above.