Major Description
In our CreateProcess wrapper create_process in shell.hpp we make handles that are supposed to be inherited temporarily inheritable, spawn the child process, and then make them uninheritable again. While this works for our purposes, there is a potential race condition where two processes are spawned at the same time and so inherit each others' handles. Technically we could put a lock around this code, but that is unnecessary, as according to this MSDN blog article we can instead whitelist those handles when calling CreateProcess. Note: the existing logic to make them inheritable and then uninheritable again must still exist; we're just adding a whitelist.
The other problem this code will solve is that we cannot control whether or not third-party libraries open up handles, sockets, or CRT FDs as inheritable, so by whitelisting in create_process, we won't have to care.