Some extensions (like mine) might want to do things like download updates, and write to local storage (extension local), but it feels like we could a bit better.
Accessing extension specific directories maybe shouldn’t require filesystem entitlements. (Note that care has to be taken to prevent symbolic link attacks though – but it looks like you don’t have symlink support in the API anyway.)
Some users might want to run in a “restricted” mode, where they prevent access over the network (e.g. if they have some level of paranoia). My extension at least doesn’t access the network unless the user asks me to do so explicitly. And it would be perfectly fine with a user disabling the ability to access the network (requests entitlement).
This would potentially give some users a greater degree of confidence when using some extensions.
Btw, I would also love to see a way to run language servers in some kind of restricted sandbox, so that we could have a special entitlement for them, without having to have the wide open “processes” entitlement.