Take steps to prevent file access from Sandbox

[ynvaser]

Previous issue: #15
Seems like it's not enough.
I'd suggest running the app with a linux user that only has read/execute access to what it needs to.

[I-Al-Istannen]

Letting it run with reduced rights is still beneficial, but it can not prevent the bot from reading it's own token. Though adding a safeguard that blocks all executed code from reading a file in the bot directory would be possible.

[irufus]

Leaving a note to close and split this into another issue.