option

virtualisation.xen.store.settings.perms.enableWatch

Whether to enable the watch permission system.

When this is set to true, unprivileged guests can only get watch events for xenstore entries that they would've been able to read.

When this is set to false, unprivileged guests may get watch events for xenstore entries that they cannot read. The watch event contains only the entry name, not the value. This restores behaviour prior to XSA-115.

Declarations
Type: boolean
Default: true
Example: false