
feat: add granular external_directory permission configuration

Open jgordijn opened this issue 3 weeks ago • 1 comments

Closes #5395

Summary

Adds polymorphic configuration for external_directory permission, allowing users to:

  • Split read/write permissions separately
  • Define directory-specific rules with glob patterns
  • Use tilde (~) for home directory paths

Example Configuration

{
  "permission": {
    "external_directory": {
      "read": {
        "directories": {
          "~/projects/docs": "allow",
          "~/.ssh": "deny"
        },
        "default": "ask"
      },
      "write": "deny"
    }
  }
}

Changes

  • Schema: Added polymorphic external_directory config (string OR read/write split OR directory rules)
  • Permission resolver: New ExternalPermission.resolve() utility for path-based permission resolution
  • Tool integration: Added permission checks to read, write, edit, patch, ls, glob, grep
  • Glob patterns: * matches within directory, ** matches across directories
  • Documentation: Updated permissions docs with examples and limitations

Screenshot

opencode-screenshot

The screenshot shows:

  • Reading files from an allowed external directory works
  • Reading from a denied directory shows clear error message
  • Write operations to read-only directories are blocked

Known Limitations

  • bash tool uses best-effort detection (documented)
  • Symlink escape vulnerability tracked as follow-up
  • LSP tools bypass tracked as follow-up

Testing

  • 28 new tests for ExternalPermission.resolve()
  • All 345 tests pass

jgordijn, Dec 21 '25 14:12
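The following is an added illustration of how the three configuration shapes described in the PR (plain string, read/write split, directory rules) could be resolved to a decision for a given path; it is hypothetical code written for this page, not opencode's own `ExternalPermission.resolve()`. It assumes the caller passes an absolute, symlink-resolved path (the PR tracks symlink escapes separately), that an unset operation or unmatched path falls back to `default` and then `"ask"`, and that the longest matching pattern wins when rules overlap.

```typescript
// Hypothetical resolver for the polymorphic external_directory config (not opencode's code).
type Decision = "allow" | "ask" | "deny";
type Rules = { directories?: Record<string, Decision>; default?: Decision };
type OpConfig = Decision | Rules;
type ExternalDirectoryConfig = Decision | { read?: OpConfig; write?: OpConfig } | Rules;

// Expand a leading "~" and translate the directory glob into a regex:
// "*" matches within one path segment, "**" matches across directories.
function globToRegExp(pattern: string, home: string): RegExp {
  const expanded = pattern.replace(/^~(?=\/|$)/, home);
  let re = "";
  for (let i = 0; i < expanded.length; i++) {
    if (expanded[i] === "*") {
      if (expanded[i + 1] === "*") { re += ".*"; i++; } else { re += "[^/]*"; }
    } else {
      re += expanded[i].replace(/[.+?^${}()|[\]\\]/g, "\\$&");
    }
  }
  // Match the directory itself or anything beneath it, never a sibling sharing a prefix.
  return new RegExp(`^${re}(?:/|$)`);
}

function resolveRules(cfg: OpConfig | undefined, path: string, home: string): Decision {
  if (typeof cfg === "string") return cfg;   // plain string: one decision for every path
  if (cfg === undefined) return "ask";       // assumption: an unset operation asks
  let best: { len: number; decision: Decision } | undefined;
  for (const [pattern, decision] of Object.entries(cfg.directories ?? {})) {
    if (globToRegExp(pattern, home).test(path) && (!best || pattern.length > best.len)) {
      best = { len: pattern.length, decision };   // assumption: most specific rule wins
    }
  }
  return best?.decision ?? cfg.default ?? "ask";
}

function resolveExternalPermission(
  cfg: ExternalDirectoryConfig, path: string, op: "read" | "write", home: string,
): Decision {
  if (typeof cfg === "string") return cfg;                 // form 1: single string
  const split = cfg as { read?: OpConfig; write?: OpConfig };
  if (split.read !== undefined || split.write !== undefined) {
    return resolveRules(split[op], path, home);            // form 2: read/write split
  }
  return resolveRules(cfg as Rules, path, home);           // form 3: rules for both ops
}

// Constructed sample input: the configuration from the PR description.
const sampleConfig: ExternalDirectoryConfig = {
  read: { directories: { "~/projects/docs": "allow", "~/.ssh": "deny" }, default: "ask" },
  write: "deny",
};
```

Because the matcher anchors on a trailing `/` or end of string, a sibling such as `~/.sshfs` does not inherit the `~/.ssh` rule and falls through to `default`.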