internal/outcome: expose pipewire via pipewire-pulse

This no longer exposes the pipewire socket to the container, and instead mediates access via pipewire-pulse. This makes insecure parts of the protocol inaccessible as explained in the doc comment in hst.

Closes #29.

Signed-off-by: Ophestra <cat@gensokyo.uk>

test/test.py

@@ -226,15 +226,14 @@ machine.send_chars("clear; pactl info && touch /var/tmp/pulse-ok\n")
 machine.wait_for_file("/var/tmp/pulse-ok", timeout=15)
 collect_state_ui("pulse_wayland")
 check_state("pa-foot", {"wayland": True, "pipewire": True})
-# Test PipeWire:
-machine.send_chars("clear; pw-cli i 0 && touch /var/tmp/pw-ok\n")
-machine.wait_for_file("/var/tmp/pw-ok", timeout=15)
-collect_state_ui("pipewire_wayland")
 machine.send_chars("exit\n")
 machine.wait_until_fails("pgrep foot", timeout=5)
 # Test PipeWire SecurityContext:
 machine.succeed("sudo -u alice -i XDG_RUNTIME_DIR=/run/user/1000 hakurei -v run --pulse pactl info")
 machine.fail("sudo -u alice -i XDG_RUNTIME_DIR=/run/user/1000 hakurei -v run --pulse pactl set-sink-mute @DEFAULT_SINK@ toggle")
+# Test PipeWire direct access:
+machine.succeed("sudo -u alice -i XDG_RUNTIME_DIR=/run/user/1000 pw-dump")
+machine.fail("sudo -u alice -i XDG_RUNTIME_DIR=/run/user/1000 hakurei -v run --pipewire pw-dump")
 
 # Test XWayland (foot does not support X):
 swaymsg("exec x11-alacritty")