Description
As indicated by #143, one user has shown that it is possible to end up with a rootcap state in which only some of the capabilities needed to restore are present. Setting aside the possibility of intentional tampering here, it is likely that this happened as a result of failing to upload/link the folder's capabilities into the rootcap when the folder was initially added (due, perhaps, to a network disconnect event or from closing the application too early). Accordingly, additional measures should be taken to minimize the chances of this happening again -- for example, by ensuring that the capabilities have been linked into the rootcap before the folder even becomes visible in the UI and/or by warning the user who tries to exit the application early that this process has not completed. Additional checks should perhaps also be added to verify the integrity of the rootcap during normal operation (beyond the one-time ensure_folder_links check that is already present during startup) and to warn users as early as possible of any anomalies that might negatively impact folder-restoration in the future.
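
A sketch of the kind of recurring rootcap check and exit warning the issue asks for, added here as an example; it is not part of the original issue or the project's code. The link-name layout (`"<folder> (<kind>)"`), the two capability kinds, and all function names are assumptions made for illustration, and the sample listing is constructed.

```python
# Added illustration. The link-name layout and capability kinds below are
# assumptions, not taken from the project's code.
REQUIRED_KINDS = ("collective", "personal")  # hypothetical kinds needed to restore

def link_name(folder, kind):
    return f"{folder} ({kind})"

def audit_rootcap(children, local_folders, required=REQUIRED_KINDS):
    """Return {folder: [missing kinds]} for each folder that is not fully linked.

    children: mapping of link name -> capability string, as listed from the rootcap.
    local_folders: names of the folders the client currently has configured.
    A link whose value is empty or whitespace counts as missing.
    """
    problems = {}
    for folder in sorted(local_folders):
        missing = [k for k in required
                   if not (children.get(link_name(folder, k)) or "").strip()]
        if missing:
            problems[folder] = missing
    return problems

def restorable_folders(children, required=REQUIRED_KINDS):
    """Folders for which every required link is present in the rootcap."""
    candidates = set()
    for name in children:
        for k in required:
            suffix = f" ({k})"
            if name.endswith(suffix):
                candidates.add(name[: -len(suffix)])
    return sorted(f for f in candidates if not audit_rootcap(children, [f], required))

def exit_warning(children, local_folders):
    """Message to show before quitting, or None when every folder is fully linked."""
    problems = audit_rootcap(children, local_folders)
    if not problems:
        return None
    detail = "; ".join(f"{f}: missing {', '.join(m)}" for f, m in problems.items())
    return f"Folder links incomplete ({detail}). Restoring these folders may fail."

# Constructed sample: "Photos" was interrupted after only one link was uploaded,
# and "Music" was added locally but never linked at all.
SAMPLE_ROOTCAP = {
    "Documents (collective)": "cap-placeholder-a",
    "Documents (personal)": "cap-placeholder-b",
    "Photos (collective)": "cap-placeholder-c",
}

if __name__ == "__main__":
    print(exit_warning(SAMPLE_ROOTCAP, ["Documents", "Photos", "Music"]))
```

Running the same audit on a timer and before showing a newly added folder, rather than only at startup, is what surfaces the partial state early.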