codex improved behavior for dont ask again for this prefix

this PR does 2 (related) things

1. Updates the `execpolicy` TUI flow

In the TUI, when going through the command approval flow, codex will now ask the user if they would like to whitelist the FIRST unmatched command among a chain of commands.

For example, let's say the agent wants to run apple | pear with an empty execpolicy

Neither apple nor pear will match to an execpolicy rule. Thus, when prompting the user, codex tui will ask the user if they would like to whitelist apple.

If the agent wants to run apple | pear again, they would be prompted again because pear is still unknown. when prompted, the user will now be asked if they'd like to whitelist pear.

Here's a demo video of this flow:

https://github.com/user-attachments/assets/fd160717-f6cb-46b0-9f4a-f0a974d4e710

This PR also removed the allow for this session option from the TUI.

2. Refactor of the `execpolicy` crate

To make 1 possible, we needed to refactor the execpolicy crate. To illustrate why, consider an agent attempting to run apple | rm -rf ./. Suppose apple is allowed by execpolicy. Before this PR, execpolicy would consider apple and pear and only render one rule match: Allow. We would skip any heuristics checks on rm -rf ./ and immediately approve apple | rm -rf ./ to run.

To fix this, we now thread a fallback evaluation function into execpolicy that runs when no execpolicy rules match a given command. In our example, we would run fallback on rm -rf ./ and prevent apple | rm -rf ./ from being run without approval.