feat(core): add capability devOnly field

[lucasfernog]

a dev environment might need particular scope configurations (such as allowing a localhost API). This change allows marking a whole capability file as "dev only"

[github-actions]

Package Changes Through 9ed7143

There are 3 changes which include tauri-utils with minor, tauri-codegen with minor, tauri with minor

Planned Package Versions

The following package releases are the planned based on the context of changes in this pull request.

package	current	next
tauri-utils	2.4.0	2.5.0
tauri-bundler	2.4.0	2.4.1
tauri-runtime	2.6.0	2.6.1
tauri-runtime-wry	2.6.0	2.6.1
tauri-codegen	2.2.0	2.3.0
tauri-macros	2.2.0	2.2.1
tauri-plugin	2.2.0	2.2.1
tauri-build	2.2.0	2.2.1
tauri	2.5.0	2.6.0
@tauri-apps/cli	2.5.0	2.5.1
tauri-cli	2.5.0	2.5.1

Add another change file through the GitHub UI by following this link.

---

Read about change files or the docs at github.com/jbolda/covector

[FabianLars]

What about buildOnly/prodOnly (whatever you wanna call it)?

[lucasfernog]

What about buildOnly/prodOnly (whatever you wanna call it)?

the main idea of devOnly is that you could enable for instance connecting to a localhost server in dev mode only, not affecting the security scope of a prod app. I don't see value in the opposite - if you allow connecting to the real API backend for instance, that doesn't impact the security of the dev mode.

[amrbashir]

How about just allowing to pass a capability from CLI, this way you can cover the dev only situation and potentially other environment specific capabilities

The problem is all capabilities files are active by default and so we need to pair this with should a config option to select which capabilities file should be loaded