Open
Labels: doc-enhancement (suggested addition or improvement)
Description
The dialog mentions it's best effort:
That links to here: https://code.visualstudio.com/docs/copilot/security#_security-considerations
@ntrogh I want somewhere that I can go into the technical limitations of terminal auto approve. High level summary is:
- Explain what best effort means; enabling terminal auto approve comes with risks. Sub-commands may not be detected in practice. It's important to take steps to prevent prompt injection like being careful about anything entering the chat session from the internet; the agent's output is trusted as not being malicious
- From 1.106 we will be using tree sitter to parse the commands (Use tree sitter for terminal auto approve command parsing vscode#261794). There is no zsh grammar so zsh will use the bash grammar and therefore it will not detect sub-commands in zsh-specific constructs
- There is a set of default rules that aims to improve safety and reduce noise; there are no guarantees something unexpected won't run, though
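
To illustrate why sub-command detection matters and why a best-effort check should fail closed, here is an added example (not part of the original issue and not VS Code's implementation): a prefix-only rule next to a splitter that checks every sub-command and asks for approval on any construct it does not model. The allow list, function names and sample commands are constructed for illustration.

```javascript
// Added illustration; hypothetical names, not VS Code's auto-approve code.
const ALLOW = new Set(["echo", "ls", "pwd"]); // constructed allow list

// Prefix-only rule: looks at the first word of the whole line.
function naiveDecide(line) {
  return ALLOW.has(line.trim().split(/\s+/)[0]) ? "approve" : "ask";
}

// Returns every sub-command on the line, or null when the line uses a
// construct this splitter does not model (the caller then fails closed).
function subCommands(line) {
  const out = [];
  let cur = "", i = 0, dq = false;
  const flush = () => { if (cur.trim()) out.push(cur.trim()); cur = ""; };
  while (i < line.length) {
    const c = line[i];
    if (c === '"') { dq = !dq; cur += c; i++; }
    else if (c === "'" && !dq) {            // single quotes: literal text
      const end = line.indexOf("'", i + 1);
      if (end < 0) return null;
      cur += line.slice(i, end + 1); i = end + 1;
    } else if (c === "$" && line[i + 1] === "(") { // command substitution
      let depth = 1, j = i + 2;
      for (; j < line.length && depth > 0; j++) {
        if (line[j] === "(") depth++;
        else if (line[j] === ")") depth--;
      }
      if (depth !== 0) return null;
      const inner = subCommands(line.slice(i + 2, j - 1));
      if (inner === null) return null;
      out.push(...inner); cur += "$()"; i = j;
    } else if ("`\\{}".includes(c)) return null;   // not modelled
    else if (!dq && ";|&\n".includes(c)) { flush(); i++; } // separators
    else if (!dq && "()<>".includes(c)) return null;       // not modelled
    else { cur += c; i++; }
  }
  return dq ? null : (flush(), out);
}

// Approve only when every sub-command starts with an allowed name.
function decide(line) {
  const cmds = subCommands(line);
  if (cmds === null || cmds.length === 0) return "ask";
  return cmds.every((c) => ALLOW.has(c.split(/\s+/)[0])) ? "approve" : "ask";
}
```

Anything the splitter cannot account for yields `"ask"`, so a grammar gap costs an extra prompt rather than an unreviewed command.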