feat(/tools): update trustall UX, /trust and /untrust capability

[hayemaxi]

#1157

• Make trustall/acceptall warning more verbose.
• Trustall/acceptall warning will show if you start chat with -a or --acceptall or --trust-all-tools
• /trust and /untrust takes an unlimited amount of tools at a time
• /trust and /untrust will display an error if you specify a tool name that does not exist

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 76.47059% with 16 lines in your changes missing coverage. Please review.

Project coverage is 14.06%. Comparing base (72cb299) to head (b501ee5).
Report is 158 commits behind head on main.

Files with missing lines	Patch %	Lines
crates/q_cli/src/cli/chat/mod.rs	70.83%	13 Missing and 1 partial ⚠️
crates/q_cli/src/cli/chat/command.rs	90.00%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1200      +/-   ##
==========================================
- Coverage   14.07%   14.06%   -0.01%     
==========================================
  Files        2366     2366              
  Lines      205628   205665      +37     
  Branches   185992   186029      +37     
==========================================
- Hits        28936    28934       -2     
- Misses     175256   175295      +39     
  Partials     1436     1436              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[GoodluckH]

Maybe say ".... Q will execute tools without asking for confirmation."

it's shorter

[hayemaxi]

I received feedback that warning was too short 😔

[GoodluckH]

Oh then maybe replace "This disables...prompting." with "Q will execute tools without asking for confirmation." Because "acceptance prompting" might be hard to understand

[GoodluckH]

I wonder if we can remove that text but for the user input indicator, we can show ![all tools trusted]> initially

Then for the subsequent inputs we just show !>

We assume our users are smarter than us, so if they somehow figured out how to trust all tools, they should already know the risk.

We just need some text indicating what ! means

[GoodluckH]

See comments.

[hayemaxi]

I wonder if we can remove that text but for the user input indicator
...
so if they somehow figured out how to trust all tools, they should already know the risk.

We have gotten some feedback that trust doesn't fully explain the implications of using it, which prompted this PR to make it more verbose (at least for the most dangerous case: /acceptall).

... we can show ![all tools trusted]> initially

Then for the subsequent inputs we just show !>

IMO ![all tools trusted]> is too cluttered even for the first message, and if they start with a profile it will look even worse ![all tools trusted][my-usual-profile]>.

Instead, what if we just remove !>?

[GoodluckH]

We have gotten some feedback that trust doesn't fully explain the implications of using it

Interesting, that means we are not communicating that properly when they run /tools trustall. If they can find that command, I think they pretty much know what they're doing. Maybe we can just add a confirmation dialog when they run /tools trustall, and put verbose stuff there instead of on the greeting screen.

Or if confirmation dialog is too much code change, we can just add that risk disclaimer as well as the (!) and put it in a different color.

Maybe we can replace ! with 🤖 or something to look not too punishing...

[GoodluckH]

Approving for now to unblock release. we can iterate on UI as we go