context: Added fallback devices

[hfiguiere]

This provide compatibility to disable all devices when there is new device option

Fixes #5681

• Need to sort out the documentation
• Validate with flatpak-builder

[smcv]

(Not a thorough implementation review, I've only had a quick glance at this for now.)

I still think it's not going to be obvious to users what --device=input,all means, and a lot of people will think it's a synonym for --device=input --device=all. It's definitely not obvious what --device=all,input means.

input|all would be a bit clearer, but would have to be quoted by shell users: --device='input|all'. So that's probably not great either.

Maybe --device=input:or-fallback or --device=input:fallback? Or --device=fallback:input,all as I suggested before? Or something along those lines?

I don't think we necessarily want the syntax for this to come with an implicit assumption that the fallback will always be to exactly all - that seems like a choice that we're likely to be regretting in 5 years' time. But perhaps I'm overthinking that part.

On an unrelated point, we have logic elsewhere in Flatpak that decides whether a permissions change is making the app more privileged (which requires prompting the user) or less privileged (which does not). At the moment, that logic has a special case that says --socket=fallback-x11 or --socket=fallback-x11 --socket=x11 is less privileged than --socket=x11, despite what the syntax would normally indicate. Does it need a similar special case that says --device=(anything) --device=all is less privileged than --device=all, or is all already handled specially there?

[nbenitez]

"Except"

[hfiguiere]

Maybe --device=input:or-fallback or --device=input:fallback? Or --device=fallback:input,all as I suggested before? Or something along those lines?

I went for fallback:. Indeed while more verbose it seems that it will be less confusing.