Define standard rule appliers which deny file and network access

[broneill]

The standard java.base applier denies many features, including file and network access. It would be nice to have rule appliers which deny access to specific sets of features. These appliers would also have to deny access to creating new processes and loading native code, and so those can probably be broken down into separate appliers as well.

[broneill]

Flip things around. Start with denials and then use appliers to allow access to specific features.