The C# compiler supports a strict mode, the mode that was design to emit extra diagnostics for existing code and not break existing customers. The classical example is definitely assignment checks when all the public members are removed because the type is used via reference assemblies (we hit this case actually with `RelativePath`), or when a value type can be used for doing locks (we hit it as well).
Related work items: #1710763
This change introduces a so-called sandboxed process executor tool that takes a sandboxed process info as an input and outputs a sandboxed process result containing details of file accesses.
The tool will be used to run process pips that require admin privilege, and the tool will run inside a VM. Traditionally, BuildXL in SandboxedProcessPipExecutor will create a detoured child process and communicate with the child process by means of pipes. For process pips that require admin, SandboxedProcessPipExecutor will (1) serialize sandboxed process info, (2) launch the sandboxed process executor tool, and (3) deserialize sandboxed process result produce in (2).
The sandboxed process executor tool will either replace QuickBuild's Tracker.exe or be called by QuickBuild's Tracker.exe. The cutting layer allows the two scenarios to be done, but the latter is the easiest.