
terminal: reduce sandbox URL false positives #308894

Merged: dileepyavan merged 1 commit into main from DileepY/308785 on Apr 10, 2026

@dileepyavan
Member

Summary

  • make bare host detection more conservative by requiring a small set of coding-related domain suffixes
  • continue treating explicit URLs and SSH remotes as domains even when the suffix looks file-like or otherwise uncommon
  • add regression tests covering valid/invalid bare suffixes, multi-label hosts, explicit URLs, and dotted non-domain identifiers

Testing

  • npm run transpile-client
  • npm run test-browser-no-install -- --browser chromium --grep "TerminalSandboxService - network domains"
  • gulp hygiene (fails on unrelated pre-existing/generated file: extensions/mermaid-chat-features/chat-webview-out/codicon.css: Missing or bad copyright statement)

Fixes #308785

Restrict bare host detection to a conservative set of coding-related domain suffixes while continuing to treat explicit URLs and SSH remotes as domains.

Add regression coverage for valid and invalid bare suffixes, multi-label hosts, explicit URLs, and dotted non-domain identifiers.
Copilot AI review requested due to automatic review settings April 9, 2026 23:01
Contributor

Copilot AI left a comment

Pull request overview

Reduces false positives in TerminalSandboxService’s heuristic domain extraction so sandbox prompts aren’t triggered by arbitrary dotted identifiers (e.g. session.completed), while still treating explicit URLs and SSH remotes as network domains.

Changes:

  • Add a conservative allowlist of “well-known” domain suffixes for bare host detection.
  • Keep treating URL authorities and SSH remotes as domains even when the suffix looks uncommon/file-like.
  • Add regression tests for unknown bare suffixes, multi-label hosts, and explicit URL authorities.
| File | Description |
| --- | --- |
| src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalSandboxService.ts | Tightens bare-host normalization by requiring a well-known suffix (when not parsed from a URL/SSH remote). |
| src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/terminalSandboxService.test.ts | Adds tests validating the new bare-host heuristic and ensuring explicit URLs still trigger domain checks. |

Copilot's findings

  • Files reviewed: 2/2 changed files
  • Comments generated: 2
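
The heuristic described in the review overview above, sketched as an added example; it is not the code from this pull request. The suffix list, the function name `extractDomains`, the regular expressions and the sample command lines are assumptions, since the page does not show the actual allowlist or implementation.

```typescript
// Hypothetical allowlist: the suffixes the PR actually uses are not shown on this page.
const WELL_KNOWN_SUFFIXES: string[] = ['com', 'org', 'net', 'io', 'dev'];

// scheme://[userinfo@]host : explicit URL authority, accepted whatever the suffix.
const URL_AUTHORITY = /^[a-z][a-z0-9+.-]*:\/\/(?:[^\/@\s]*@)?([^\/:?#\s]+)/i;
// user@host:path : scp-style SSH remote, accepted whatever the suffix.
const SSH_REMOTE = /^[\w.-]+@([a-z0-9.-]+):/i;
// label(.label)*.suffix with optional :port and /path : bare host candidate.
const BARE_HOST = /^((?:[a-z0-9-]+\.)+([a-z]{2,}))(?::\d+)?(?:\/.*)?$/i;

function extractDomains(commandLine: string): string[] {
  const found: string[] = [];
  const add = (host: string): void => {
    const h = host.toLowerCase();
    if (found.indexOf(h) === -1) { found.push(h); }
  };
  for (const raw of commandLine.split(/\s+/)) {
    // Drop surrounding quotes and trailing punctuation before classifying the token.
    const token = raw.replace(/^['"(]+|['"),;]+$/g, '');
    // Explicit URLs and SSH remotes state intent to reach the network: no suffix check.
    const explicit = URL_AUTHORITY.exec(token) || SSH_REMOTE.exec(token);
    if (explicit) { add(explicit[1]); continue; }
    // A bare dotted token counts as a host only if its last label is allowlisted,
    // so identifiers such as session.completed or package.json are ignored.
    const bare = BARE_HOST.exec(token);
    if (bare && WELL_KNOWN_SUFFIXES.indexOf(bare[2].toLowerCase()) !== -1) { add(bare[1]); }
  }
  return found;
}

// Constructed sample command lines, paired with the hosts the sketch reports for each.
const SAMPLE_RESULTS = [
  'echo session.completed > out.log',
  'curl https://files.example.internal/build.zip',
  'git clone git@git.example.test:team/repo.git',
  'ping registry.example.com',
].map((cmd) => ({ cmd, hosts: extractDomains(cmd) }));
```

The trade-off to keep in mind when reviewing such a list: every suffix left off the allowlist is a bare host the sandbox prompt will not see, so explicit URL and SSH forms remain the reliable trigger.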

@dileepyavan dileepyavan merged commit 0a11ecd into main Apr 10, 2026
30 checks passed
@dileepyavan dileepyavan deleted the DileepY/308785 branch April 10, 2026 00:52
@vs-code-engineering vs-code-engineering bot added this to the 1.116.0 milestone Apr 10, 2026

Development

Successfully merging this pull request may close these issues.

Sandbox URL detection seems to trip on any “foo.bar” string