fix: disable eval for isolates (#1404)

<!-- Please make sure there is an issue that this PR is correlated to. -->
Fixes RVT-4147
## Changes

<!-- If there are frontend changes, please include screenshots. -->

packages/infra/client/isolate-v8-runner/src/main.rs

@@ -6,7 +6,7 @@ use std::{
 };
 
 use anyhow::*;
-use deno_runtime::deno_core::JsRuntime;
+use deno_runtime::deno_core::{v8_set_flags, JsRuntime};
 use futures_util::{stream::SplitStream, StreamExt};
 use tokio::{
 	fs,
@@ -47,6 +47,19 @@ async fn main() -> Result<()> {
 	let runner_addr = var("RUNNER_ADDR")?;
 	let actors_path = Path::new(&actors_path);
 
+	// Set v8 flags (https://chromium.googlesource.com/v8/v8/+/refs/heads/main/src/flags/flag-definitions.h)
+	let invalid = v8_set_flags(vec![
+		// Binary name
+		"UNUSED_BUT_NECESSARY_ARG0".into(),
+		// Disable eval
+		"--disallow-code-generation-from-strings".into(),
+	]);
+	assert!(
+		invalid.len() == 1,
+		"v8 did not understand these flags: {:?}",
+		invalid.into_iter().skip(1).collect::<Vec<_>>(),
+	);
+
 	// Explicitly start runtime on current thread
 	JsRuntime::init_platform(None, false);