feat: prompt for workspace sandbox trust

[zxyasfas]

Summary

• prompt interactive users once per new workspace to choose sandbox, host, or session-only sandbox mode
• persist remembered workspace decisions in ~/.grok/workspace-trust.json using canonical workspace paths
• keep explicit --sandbox / --no-sandbox, non-interactive, and unsupported-platform flows non-blocking

Fixes #273

Validation

• npx vitest run src/utils/workspace-trust.test.ts
• npx tsc --noEmit
• npx biome check src/index.ts src/utils/workspace-trust.ts src/utils/workspace-trust.test.ts

---

Note

Medium Risk
Adds a new interactive prompt and persistence layer that changes how sandboxMode is selected for first-time interactive runs; risk is mainly around unexpected prompting or incorrect defaulting/persisted decisions affecting execution environment.

Overview
Adds a workspace trust flow for sandboxing: on the first interactive run in a directory, the CLI prompts to run in Shuru sandbox, run on host, or use session-only behavior, and can remember the choice in ~/.grok/workspace-trust.json keyed by canonical workspace paths.

Integrates this resolution into interactive startup only (headless/non-interactive runs and explicit --sandbox/--no-sandbox keep existing behavior), and includes platform gating for Shuru support plus tests and README docs for the new behavior.

^{Reviewed by Cursor Bugbot for commit 8914725. Bugbot is set up for automated code reviews on this repo. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 8914725. Configure here.}

[open-cla]

Contributor License Agreement

The following contributors need CLA coverage:

• @zxyasfas
• @homanp

Review and sign the CLA