[CODE] Make sure we don't easily allow code injection via .comeback files
What is the problem?
So anywhere where we are sending `shell=True`, there is the possibility for code injection via parameters in .comeback files. comeback doesn't 100% guarantee that there is no code injection, but I think we should take some actions to try to fix it.
What are you proposing?
Anywhere where `shell=True` is used, prompt the user and ask them if they want to run the arguments supplied.
This might also be relevant for https://github.com/agamm/comeback/issues/31
Another feature could be adding a flag to ignore the prompts to make it more convenient for people who don't mind the warning.
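The `shell=True` pattern this issue describes next to one hardened variant (argument list with `shell=False`, plus the proposed confirmation prompt and skip flag), as an added example that is not comeback's own code. The executable name and the argument string standing in for a .comeback parameter are constructed for illustration.

```python
import shlex
import subprocess
from typing import Callable, List, Optional

# Constructed sample: an argument string as it might be read from a .comeback
# file. It lives in the checked-out repository, so it must be treated as
# untrusted input, not as something the user typed themselves.
UNTRUSTED_ARGS = "notes.txt --wait"


def run_unsafe(executable: str, args: str) -> subprocess.CompletedProcess:
    """The risky shape from the issue: the file-supplied string is handed to
    /bin/sh, which interprets any shell metacharacters it contains."""
    return subprocess.run(f"{executable} {args}", shell=True)


def build_argv(executable: str, args: str) -> List[str]:
    """Split the file-supplied string into an argument list instead.
    With shell=False the list goes straight to the program, so characters
    that the shell would treat specially stay literal text."""
    return [executable, *shlex.split(args)]


def prompt_user(message: str) -> bool:
    """Default interactive prompt; answers starting with 'y' mean run."""
    return input(message).strip().lower().startswith("y")


def run_confirmed(
    argv: List[str],
    ask: Callable[[str], bool] = prompt_user,
    runner: Callable = subprocess.run,
    skip_prompt: bool = False,
) -> Optional[subprocess.CompletedProcess]:
    """What the issue proposes: show the user the exact command and ask
    before running it. `skip_prompt` models the suggested flag for users
    who do not want the warning. Returns None when the user declines."""
    shown = shlex.join(argv)  # quoted so the user sees each argument boundary
    if not skip_prompt and not ask(f"comeback wants to run: {shown}\nRun it? [y/N] "):
        return None
    return runner(argv, shell=False)


if __name__ == "__main__":
    # Interactive demo; the runner is only invoked if the user confirms.
    run_confirmed(build_argv("vim", UNTRUSTED_ARGS))
```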
I think this one deserves to be labeled "lit af"