
permissions: add Ask list to force confirmation for tools #1785

Merged: dgageot merged 1 commit into docker:main from dgageot:always-ask-permission on Feb 19, 2026


@dgageot dgageot commented Feb 19, 2026

Read-only tools (ReadOnlyHint: true) were always auto-approved with no way to override that via permissions config. This adds an explicit Ask field to PermissionsConfig that forces user confirmation even for read-only tools.

  • Add Ask []string to PermissionsConfig in config/latest, config/v4, and session packages
  • Add ForceAsk Decision constant to the permissions package, returned when a tool explicitly matches an Ask pattern (distinct from the default Ask fallback)
  • Update Checker.CheckWithArgs to return ForceAsk for Ask pattern matches, and update IsEmpty/AskPatterns accordingly
  • Handle ForceAsk in executeWithApproval by bypassing ReadOnlyHint and ToolsApproved auto-approval, jumping directly to user confirmation
  • Extract confirmation dialog into askUserForConfirmation helper to avoid duplication between session, team, and default flows
  • Update cagent-schema.json with the new ask property

Example usage:

  permissions:
    ask:
      - fetch        # always ask before fetching URLs (read-only)
      - mcp:github:get_*

Assisted-By: cagent

@dgageot dgageot requested a review from a team as a code owner February 19, 2026 08:02

@docker-agent docker-agent bot left a comment


✅ Review Complete - No Issues Found

I've reviewed all the changed code in this PR and found no bugs or issues.

The implementation correctly:

  • Adds the Ask field to PermissionsConfig across all relevant config versions
  • Implements the ForceAsk decision type in the permissions package with proper priority handling (Deny > Allow > ForceAsk > Ask)
  • Updates the permission checking logic to include Ask patterns
  • Properly threads the Ask patterns through the app and runtime layers
  • Includes comprehensive test coverage for the new functionality
  • Updates the JSON schema with appropriate documentation

The changes follow existing patterns in the codebase and maintain consistency with how Allow/Deny patterns are handled. The priority ordering is correct, and the TUI updates properly display the new Ask patterns.

Great work on this feature! The implementation is clean and well-tested.
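
The decision flow from the PR description, combined with the priority order named in the review above, as an added Go sketch that is not cagent's code. The `Permissions` type, `Check`, `NeedsPrompt`, the numeric `Decision` values and the use of `path.Match` for patterns are assumptions; only the names `Ask`, `ForceAsk`, `ReadOnlyHint` and `ToolsApproved` come from the page.

```go
package main

import (
	"fmt"
	"path"
)

// Decision and Permissions reuse the PR's names; the logic is a hypothetical sketch.
type Decision int
type Permissions struct{ Allow, Deny, Ask []string }

const (
	Ask      Decision = iota // fallback: no pattern matched
	ForceAsk                 // tool explicitly matched an ask pattern
	Allow
	Deny
)

// matches assumes shell-style globs, so "mcp:github:get_*" covers get_issue.
func matches(patterns []string, tool string) bool {
	for _, p := range patterns {
		if ok, _ := path.Match(p, tool); ok {
			return true
		}
	}
	return false
}

// Check applies the order stated in the review: Deny > Allow > ForceAsk > Ask.
func (p Permissions) Check(tool string) Decision {
	switch {
	case matches(p.Deny, tool):
		return Deny
	case matches(p.Allow, tool):
		return Allow
	case matches(p.Ask, tool):
		return ForceAsk
	}
	return Ask
}

// NeedsPrompt: readOnly stands in for ReadOnlyHint, approved for ToolsApproved.
func NeedsPrompt(d Decision, readOnly, approved bool) bool {
	return d == ForceAsk || (d == Ask && !readOnly && !approved)
}

func main() {
	p := Permissions{Ask: []string{"fetch", "mcp:github:get_*"}}
	fmt.Println(NeedsPrompt(p.Check("mcp:github:get_issue"), true, false))
}
```

Under the order stated in the review, an allow pattern that overlaps an ask pattern wins, so a broad allow entry such as `mcp:github:*` would silence the prompt that `mcp:github:get_*` was meant to force in this sketch.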

@dgageot dgageot merged commit 272b7d0 into docker:main Feb 19, 2026
8 checks passed
@dgageot dgageot deleted the always-ask-permission branch February 27, 2026 19:37