Improve isolation, execution limits and execution metrics by using Isolate (#683)

* Initial: use Isolate for isolation

* Continue: use Isolate for isolation

* Bug fixes

* timeout is wall-time for backward compatibility

* Documentation, signal names, reported time in ms

* Report memory usage in bytes

* Add privileged flags where needed

* Remove tmpfs

* Remove tmpfs

* Fix package installation

* Fix path, fix Zig: CRLF -> LF

api/src/runtime.js

@@ -15,6 +15,7 @@ class Runtime {
         pkgdir,
         runtime,
         timeouts,
+        cpu_times,
         memory_limits,
         max_process_count,
         max_open_files,
@@ -27,6 +28,7 @@ class Runtime {
         this.pkgdir = pkgdir;
         this.runtime = runtime;
         this.timeouts = timeouts;
+        this.cpu_times = cpu_times;
         this.memory_limits = memory_limits;
         this.max_process_count = max_process_count;
         this.max_open_files = max_open_files;
@@ -62,6 +64,18 @@ class Runtime {
                     language_limit_overrides
                 ),
             },
+            cpu_times: {
+                compile: this.compute_single_limit(
+                    language_name,
+                    'compile_cpu_time',
+                    language_limit_overrides
+                ),
+                run: this.compute_single_limit(
+                    language_name,
+                    'run_cpu_time',
+                    language_limit_overrides
+                ),
+            },
             memory_limits: {
                 compile: this.compute_single_limit(
                     language_name,
@@ -171,6 +185,7 @@ class Runtime {
                 .split('\n')
                 .map(line => line.split('=', 2))
                 .forEach(([key, val]) => {
+                    val = val.replace_all(this.pkgdir, '/runtime');
                     this._env_vars[key.trim()] = val.trim();
                 });
         }