Anonymous
4 years ago

Permissions issues with Flatpak package

Hi! I've come across two issues in the official Flatpak package related to permissions:

  1. The current package has filesystems=host. This is extremely insecure, as it gives the application unrestricted access to the entire filesystem, and negates most of the security benefits of the sandbox which Flatpak uses. This includes escaping out of the sandbox and completely hijacking the user session, and complete access to any sensitive material on the user's profile. I've added a local override to not have this permission, and it works fine, so I hope you'll be able to patch this upstream.

  2. The current package lacks the devices=all. Without this permission, 1Password cannot access a 2FA security key, so finishing logging in is impossible when using 2FA. I've added this permission as a local override and 2FA worked fine. This particular permission is a bit too wide-encompassing (since it includes cameras and other devices), but there's no other permission that's more granular that covers this scenario. There's ongoing discussion for such a thing (I know Firefox in particular would like to adopt such a thing), but it's just not there yet.

Oh, while reporting this, I also noticed the Flatpak does not have a version defined:


~
➜ flatpak list --app
Name         Application ID               Version    Branch  Origin              Installation
Discord      com.discordapp.Discord       0.0.16     stable  flathub             system
Flatseal     com.github.tchx84.Flatseal   1.7.4      stable  flathub             system
OnePassword  com.onepassword.OnePassword             stable  onepassword-origin  system
Skype        com.skype.Client             8.77.0.97  stable  flathub             system


1Password Version: stable (version missing)
Extension Version: n/a
OS Version: Flatpak 1.12.2
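
A check for the two permissions raised in the post above, as an added example that is not part of the thread or of 1Password's packaging: the function reads a Flatpak metadata keyfile (the format printed by `flatpak info --show-permissions <app-id>`) and reports `filesystems=host`/`home` and `devices=all` grants in its `[Context]` section. Both sample keyfiles are constructed for illustration and are not the real package's metadata.

```shell
#!/bin/sh
# Added example (not from the thread). Reads a Flatpak metadata keyfile on
# stdin and prints one line per broad grant found in its [Context] section.
audit_context() {
    awk -F= '
        /^\[/ { in_ctx = ($0 == "[Context]"); next }    # track current section
        !in_ctx || ($1 != "filesystems" && $1 != "devices") { next }
        {
            n = split($2, vals, ";")                     # values are ;-separated
            for (i = 1; i <= n; i++) {
                v = vals[i]
                # an entry written as "!x" revokes x, so it is not a grant
                if (v == "" || substr(v, 1, 1) == "!") continue
                sub(/:.*/, "", v)                        # drop :ro / :rw / :create
                if ($1 == "devices" && v == "all")
                    print "broad: devices=all"
                else if ($1 == "filesystems" && (v == "host" || v == "home"))
                    print "broad: filesystems=" v
            }
        }'
}

# Constructed sample: permissions in the state the post reports as shipped.
SHIPPED='[Context]
shared=network;ipc;
filesystems=host;

[Session Bus Policy]
org.freedesktop.Notifications=talk'

# Constructed sample: the state after the two local overrides in the post,
# i.e. flatpak override --user --nofilesystem=host <app-id>
# and  flatpak override --user --device=all <app-id>
OVERRIDDEN='[Context]
shared=network;ipc;
devices=all;
filesystems=!host;xdg-download:ro;'

printf '%s\n' "$SHIPPED" | audit_context      # reports filesystems=host
printf '%s\n' "$OVERRIDDEN" | audit_context   # reports devices=all only
```
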

6 Replies

  • 1P_Rob
    1Password Team

    Hey, @sh1bumi. I'm sorry you're still having trouble. Could you elaborate on what you're seeing? The first two issues were resolved a few months ago on our side, leaving only the version number issue that we had some complications with. If you're not seeing that to be the case, though, I'd love to get one of our Linux folks to take another look here.

    ref: dev/core/core#10720
    ref: dev/core/core#10721
    ref: dev/core/core#10722

  • Anonymous

    Sad to see that the permission model did not change at all after more than 4 months :(

  • Anonymous

    Thanks for the follow up!

  • Anonymous

    Hello, @WhyNotHugo !

    I've filed all three of these. Since all of them seem relatively easy, I'll see if I can get someone on them as soon as possible. Not likely for the release this week, but maybe next week.

  • Anonymous

    For the second item, you might want to follow this Flatpak issue: https://github.com/flatpak/flatpak/issues/2764