Add "sandboxed" option to "webPreferences".

When "sandboxed" is passed as a web preference for `BrowserWindow`, the newly
created renderer won't run any node.js code/integration, only communicating with
the system via the IPC API of the content module. This is a requirement for
running the renderer under chrome OS-level sandbox.

Beyond that, certain behaviors of AtomBrowserClient are modified when dealing
with sandboxed renderers:

- `OverrideSiteInstanceNavigation` no longer create a new `SiteInstance` for
  every navigation. Instead, it reuses the source `SiteInstance` when not
  navigating to a different site.
- `CanCreateWindow` will return true and allow javascript access.

atom/browser/atom_browser_client.h

@@ -6,6 +6,7 @@
 #define ATOM_BROWSER_ATOM_BROWSER_CLIENT_H_
 
 #include <map>
+#include <set>
 #include <string>
 #include <vector>
 
@@ -108,8 +109,19 @@ class AtomBrowserClient : public brightray::BrowserClient,
   void RenderProcessHostDestroyed(content::RenderProcessHost* host) override;
 
  private:
+  bool ShouldCreateNewSiteInstance(content::BrowserContext* browser_context,
+                                   content::SiteInstance* current_instance,
+                                   const GURL& dest_url);
+  // Add/remove a process id to `sandboxed_renderers_`.
+  void AddSandboxedRendererId(int process_id);
+  void RemoveSandboxedRendererId(int process_id);
+  bool IsRendererSandboxed(int process_id);
+
   // pending_render_process => current_render_process.
   std::map<int, int> pending_processes_;
+  // Set that contains the process ids of all sandboxed renderers
+  std::set<int> sandboxed_renderers_;
+  base::Lock sandboxed_renderers_lock_;
 
   std::unique_ptr<AtomResourceDispatcherHostDelegate>
       resource_dispatcher_host_delegate_;