fix(nix_flake_fmt): ask the user if the project is trusted (#280)

Author: jfly

lua/null-ls/builtins/formatting/nix_flake_fmt.lua

@@ -259,6 +259,15 @@ end
 local find_nix_fmt = function(opts, done)
     done = vim.schedule_wrap(done)
 
+    -- A malicious project could make `nix fmt` do anything to your computer,
+    -- so we ask the user if the project is trusted before we do that.
+    local is_project_trusted = vim.secure.read(opts.root)
+    if not is_project_trusted then
+        log:warn(string.format("nix_flake_fmt disabled because project is not trusted: %s", opts.root))
+        done(nil)
+        return
+    end
+
     local async = require("plenary.async")
 
     local notification_title = "discovering `nix fmt` entrypoint"