The Connector::Connect() API provides for an outgoing InterfaceProvider, which allows the connecting app to expose interfaces to the connectee. We use this in a couple of places, including the tracing service & (eventually) the browser launching the renderer.

This muddles the security policy a little bit, as there's currently no checking on what interfaces get exposed on the outgoing provider, in accordance with CapabilitySpec.

We should eliminate this outgoing provider, and require that connectees connect back to the connecting app to request interfaces, which will trigger all the appropriate policy checks.