replace JSON HHAST support with LSP support

[fredemmott]

Should:

• only run if $ROOT/vendor/bin/hhast-lint is present (or fail gracefully if it isn't)
• be opt-in: this means that opening an editor is going to execute project-supplied code, and opening the editor should be safe
• run hhast-lint --mode lsp --from vscode

Additionally, --json isn't going to be in a release

[PranayAgarwal]

I'm thinking this could be enabled by default (with an opt-out config) if $ROOT/vendor/bin/hhast-lint is present in the workspace. Thoughts?

[fredemmott]

My concern is that vscode $(pwd) then executes arbitrary code

[fredemmott]

Is it possible to pop up a dialog confirming whenever a project is opened with vendor/bin/hhast-lint? If so, that would be my preference - with it remembering per-$ROOT

[PranayAgarwal]

Yeah, that will work. If the config isn't set, the extension can show a pop-up with yes/no options, and that value can get saved.

[fredemmott]

just checking: that configuration can be stored outside the project root, right?

I.e. I can't make a malicious project bypass the prompt by also commiting a vscode config to my project?

[fredemmott]

Got a complete change ready for this, just waiting for FB process to say I can send a PR (FB: T31296958 P59796946)

[fredemmott]

PR #25