fix: Warn about CLI extensions in OpenAPI spec

[cfunkhouser]

The x-cli-* OpenAPI specification extensions recognized by Restish can be abused. To prevent this, this change:

1. Prints a notification describing the x-cli-* extensions found in an OpenAPI specification
2. Requires the user to interactively agree to using the extensions

This behavior can be disabled by passing the global --blindly-accept-cli-extensions flag.

Addresses #316.

[codecov]

Codecov Report

❌ Patch coverage is 47.36842% with 50 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
cli/api.go	10.63%	41 Missing and 1 partial ⚠️
openapi/openapi.go	86.66%	3 Missing and 3 partials ⚠️
cli/cli.go	33.33%	1 Missing and 1 partial ⚠️

📢 Thoughts on this report? Let us know!

[danielgtaylor]

Thanks again for opening this and sketching the direction. For v2, I ended up taking the smaller visibility-only approach we discussed: no blocking trust prompt, but / now summarize behavior-changing extensions and shows the detailed affected commands and parameters.

I opened the v2 implementation in #348 and credited this PR there, so I’m closing this older draft as superseded.

[danielgtaylor]

Thanks again for opening this and sketching the direction. For v2, I ended up taking the smaller visibility-only approach we discussed: no blocking trust prompt, but api connect / api sync now summarize behavior-changing x-cli extensions and doctor api shows the detailed affected commands and parameters.

I opened the v2 implementation in #348 and credited this PR there, so this older draft is superseded.