docs: add "static" whitelist example to shell (#67)

Author: ammario

docs/guide/rule-engines/shell.md

@@ -60,17 +60,41 @@ esac
 
 ### Domain Allowlist
 
+Command:
 ```bash
-#!/bin/sh
-# Check against allowed domains
-ALLOWED="api.github.com api.gitlab.com"
+httpjail --sh "./rules.sh" -- curl https://api.github.com/repos
+```
 
-for domain in $ALLOWED; do
-    [ "$HTTPJAIL_HOST" = "$domain" ] && exit 0
-done
+In `whitelist.txt`:
+```
+api.github.com
+github.com
+raw.githubusercontent.com
+api.gitlab.com
+gitlab.com
+```
 
-echo "Domain not allowed"
-exit 1
+In `rules.sh`:
+```bash
+#!/bin/sh
+# Check if host is in whitelist file
+
+# Read whitelist file (one domain per line)
+WHITELIST_FILE="./whitelist.txt"
+
+# Check if whitelist file exists
+if [ ! -f "$WHITELIST_FILE" ]; then
+    echo "Whitelist file not found: $WHITELIST_FILE"
+    exit 1
+fi
+
+# Check if current host is in the whitelist (exact match)
+if grep -Fxq "$HTTPJAIL_HOST" "$WHITELIST_FILE"; then
+    exit 0  # Allow
+else
+    echo "Host $HTTPJAIL_HOST not in whitelist"
+    exit 1  # Deny
+fi
 ```
 
 ### Method-Based Restrictions
@@ -158,4 +182,4 @@ Avoid for:
 - High-throughput scenarios (use line processor mode)
 - Simple logic (use JavaScript)
 
-For high-throughput scenarios, consider the [Line Processor](./line-processor.md) mode which maintains a single process.
+For high-throughput scenarios, consider the [Line Processor](./line-processor.md) mode which maintains a single process.