Add --feature readonly, to build a bin without risky commands

```
> cargo build --features readonly && sudo ./target/debug/framework_tool --dump-ec-flash ec.bin && ls -l ec.bin
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.09s
ls: cannot access 'ec.bin': No such file or directory

> cargo build && sudo ./target/debug/framework_tool --dump-ec-flash ec.bin && ls -l ec.bin
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.09s
Dumping to ec.bin
-rw-r--r--. 1 root root 524288 May 10 09:24 ec.bin
```

Signed-off-by: Daniel Schaefer <[email protected]>

Author: JohnAZoidberg

framework_lib/Cargo.toml

@@ -9,6 +9,7 @@ build = "build.rs"
 
 [features]
 default = ["hidapi", "rusb"]
+readonly = [ ]
 rusb = ["dep:rusb"]
 hidapi = ["dep:hidapi"]
 uefi = [ "lazy_static/spin_no_std" ]

framework_lib/src/commandline/mod.rs

@@ -212,9 +212,73 @@ pub struct Cli {
 
 pub fn parse(args: &[String]) -> Cli {
     #[cfg(feature = "uefi")]
-    return uefi::parse(args);
+    let cli = uefi::parse(args);
     #[cfg(not(feature = "uefi"))]
-    return clap_std::parse(args);
+    let cli = clap_std::parse(args);
+
+    if cfg!(feature = "readonly") {
+        // Initialize a new Cli with no arguments
+        // Set all arguments that are readonly/safe
+        // We explicitly only cope the safe ones so that if we add new arguments in the future,
+        // which might be unsafe, we can't forget to exclude them from the safe set.
+        // TODO: Instead of silently ignoring blocked command, we should remind the user
+        Cli {
+            verbosity: cli.verbosity,
+            versions: cli.versions,
+            version: cli.version,
+            esrt: cli.esrt,
+            device: cli.device,
+            power: cli.power,
+            thermal: cli.thermal,
+            sensors: cli.sensors,
+            // fansetduty
+            // fansetrpm
+            // autofanctrl
+            privacy: cli.privacy,
+            pd_info: cli.version,
+            dp_hdmi_info: cli.dp_hdmi_info,
+            // dp_hdmi_update
+            audio_card_info: cli.audio_card_info,
+            pd_bin: cli.pd_bin,
+            ec_bin: cli.ec_bin,
+            capsule: cli.capsule,
+            dump: cli.dump,
+            h2o_capsule: cli.h2o_capsule,
+            // dump_ec_flash
+            // flash_ec
+            // flash_ro_ec
+            driver: cli.driver,
+            test: cli.test,
+            intrusion: cli.intrusion,
+            inputdeck: cli.inputdeck,
+            inputdeck_mode: cli.inputdeck_mode,
+            expansion_bay: cli.expansion_bay,
+            // charge_limit
+            // charge_current_limit
+            get_gpio: cli.get_gpio,
+            fp_led_level: cli.fp_led_level,
+            fp_brightness: cli.fp_brightness,
+            kblight: cli.kblight,
+            rgbkbd: cli.rgbkbd,
+            // tablet_mode
+            // touchscreen_enable
+            stylus_battery: cli.stylus_battery,
+            console: cli.console,
+            reboot_ec: cli.reboot_ec,
+            // ec_hib_delay
+            hash: cli.hash,
+            pd_addrs: cli.pd_addrs,
+            pd_ports: cli.pd_ports,
+            help: cli.help,
+            info: cli.info,
+            // allupdate
+            paginate: cli.paginate,
+            // raw_command
+            ..Default::default()
+        }
+    } else {
+        cli
+    }
 }
 
 fn print_single_pd_details(pd: &PdController) {

framework_tool/Cargo.toml

@@ -3,6 +3,10 @@ name = "framework_tool"
 version = "0.4.1"
 edition = "2021"
 
+[features]
+default = [ ]
+readonly = [ "framework_lib/readonly" ]
+
 [dependencies.framework_lib]
 path = "../framework_lib"
 

framework_uefi/Cargo.toml

@@ -9,6 +9,10 @@ rust-version = "1.74"
 name = "uefitool"
 path = "src/main.rs"
 
+[features]
+default = [ ]
+readonly = [ "framework_lib/readonly" ]
+
 [dependencies]
 uefi = { version = "0.20", features = ["alloc"] }
 uefi-services = "0.17"