Sandboxing

For the sake of executing prompt-generated code,

users are provided with ability to spawn a separate sub-VM for executing it.

This sub-VM:

1. Has the same non-deterministic level as parent sub-VM

2. Can not switch into non-deterministic mode

3. Can be configured to be able to update storage (privilege escalation is forbidden)

Users can catch both VMError and UserError produced by it, but storage writes can not be reverted