feat(tui): persist permission rules from approval prompts #2062

Open
greyfreedom wants to merge 19 commits into Hmbown:main from greyfreedom:feat/execpolicy-persist-rules-ui

Conversation

@greyfreedom
Contributor

Summary

Add TUI support for persisting typed permission rules directly from tool approval prompts.

This builds on the typed execpolicy/config work by letting users save a scoped allow rule while approving a tool call, with a preview of the rule that will be written to user config.

Changes

  • Add generated persistent permission rules to ApprovalRequest.
  • Add approval prompt actions:
    • s: save this rule and approve
    • p: view the full generated rule preview
  • Persist approved rules into user config under [[permissions.rules]].
  • Inject successfully saved rules into the live ExecPolicyEngine so the current session benefits immediately.
  • Generate scoped rules for:
    • shell tools via exact command patterns
    • file tools via normalized workspace-relative paths
    • apply_patch via extracted patch/file paths
  • Write compatibility alias rules for file tools, such as edit_file and file_edit.
  • Avoid auto-generating file rules for paths containing glob metacharacters.
  • Adjust non-deny rule priority so more specific allow rules can override broader ask rules, while deny remains absolute.
  • Keep approval modal previews compact and expose the full rule preview through a pager.

Safety Notes

  • Auto-generated file rules are exact-path only.
  • Paths are normalized before persistence.
  • Absolute paths inside the workspace are saved as workspace-relative paths.
  • Paths containing glob metacharacters are not persisted automatically to avoid accidental broad permissions.
  • Deny rules still win over allow/ask rules across layers.

Tests

  • cargo fmt --all
  • cargo test -p deepseek-execpolicy --all-features
  • cargo test -p deepseek-tui persistent_permission --all-features
  • cargo test -p deepseek-tui typed_permission --all-features
  • cargo test -p deepseek-tui approval --all-features
  • cargo test -p deepseek-tui persist_permission --all-features
  • cargo clippy -p deepseek-tui --all-targets --all-features -- -D warnings
  • git diff --check

Depends On

This PR is stacked on top of PR2: feat/execpolicy-typed-rules
Closes #1186
Depends on #2053
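
The path handling listed under Safety Notes, sketched as an added example; it is not code from this PR or from the project. The names `normalize` and `rule_path`, the metacharacter set, the sample workspace `/ws`, and the choice to generate no rule for paths outside the workspace are assumptions.

```rust
use std::path::{Component, Path, PathBuf};

// Assumed metacharacter set; the PR description does not enumerate it.
const GLOB_META: &[char] = &['*', '?', '[', ']', '{', '}'];

/// Lexical normalization: drop `.`, fold `..` into the preceding component.
/// Returns None when `..` would climb above the root or the starting point.
fn normalize(p: &Path) -> Option<PathBuf> {
    let mut out = PathBuf::new();
    for c in p.components() {
        match c {
            Component::CurDir => {}
            Component::ParentDir => {
                if !out.pop() {
                    return None;
                }
            }
            other => out.push(other.as_os_str()),
        }
    }
    Some(out)
}

/// Hypothetical helper: the workspace-relative path to store in an exact-path
/// rule, or None when no rule should be generated automatically.
fn rule_path(workspace: &Path, requested: &str) -> Option<String> {
    if requested.contains(GLOB_META) {
        return None; // would match more than the file being approved
    }
    let abs = workspace.join(requested); // join() keeps an absolute `requested` as-is
    let norm = normalize(&abs)?;
    let ws = normalize(workspace)?;
    // strip_prefix compares whole components, so /wsx is not "inside" /ws.
    // Assumption: paths outside the workspace get no auto-generated rule.
    let rel = norm.strip_prefix(&ws).ok()?;
    if rel.as_os_str().is_empty() {
        return None; // the workspace root itself is not a file target
    }
    Some(rel.to_string_lossy().into_owned())
}

fn main() {
    let ws = Path::new("/ws"); // constructed sample workspace
    for p in ["/ws/src/./a/../main.rs", "src/*.rs", "../etc/passwd", "/wsx/a"] {
        println!("{p:>24} -> {:?}", rule_path(ws, p));
    }
}
```

Normalization here is purely lexical and does not resolve symlinks, so a saved rule for a path that traverses a symlink still needs a check at enforcement time.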

Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request introduces a comprehensive typed permission system for tool execution, enabling granular control over shell commands and file operations through a new [[permissions.rules]] configuration. It adds the codewhale-execpolicy crate to manage these rules, supports specificity-based resolution, and allows users to persist new rules directly from the TUI during the approval process. Feedback suggests implementing atomic writes when updating the configuration file to prevent potential corruption, deduplicating path normalization logic between the TUI and execution policy crates, and refining the unified diff parsing logic to be more robust against false positives.

Comment thread crates/tui/src/commands/config.rs Outdated
Comment thread crates/execpolicy/src/lib.rs Outdated
Comment thread crates/tui/src/core/engine/dispatch.rs
Development

Successfully merging this pull request may close these issues.

feat(execpolicy): add typed persistent permission rules