Change `Pool` to hold a callback instead of a set of grants?

[sunfishcode]

In bytecodealliance/wasmtime#7662, there is discussion that a callback would be more useful than a simple set of allowed addresses. If that's true for Wasmtime, then it's true for cap-std in general, so we should consider migrating cap-std in that direction too.

The current code that maintains a list of allowed addresses could be factored out into a utility that users could use to implement the callback if they need that functionality.