Allow the extension to be active in untrusted workspaces

[jashug]

Closes #305

Just ran into this today. At an absolute minimum, the language definition and grammar should be available even in untrusted workspaces, but a quick look suggests that the generate command is also safe. There is no substitution in the template, plus the user would have to run the command manually. At worst, untrusted files could set their own .editorconfig, which only applies to files below in the directory hierarchy: This is probably wanted behavior even in an untrusted workspace.

If maintainers do decide some parts of the extension are too dangerous for untrusted workspaces, it is still possible to provide the language and grammar definitions.

Please fill in this template.

• [x] Use a meaningful title for the pull request.
• [x] Use meaningful commit messages.
• [ ] Run tsc w/o errors (same as npm run compile).
• [ ] Run npm run lint w/o errors.