feat: workspace trust gate with persistent trust decisions

Adds a pre-connection trust check that detects hooks, MCP servers, and
custom slash commands in a workspace's .claude/ config before launching
Claude Code. Shows a trust modal (permission sprite) listing all concerns
by category. Trusted workspaces are persisted to config so the user is
only prompted once per workspace path.

Closes #163

src-tauri/src/config.rs

@@ -125,6 +125,9 @@ pub struct HikariConfig {
 
     #[serde(default)]
     pub disable_1m_context: bool,
+
+    #[serde(default)]
+    pub trusted_workspaces: Vec<String>,
 }
 
 impl Default for HikariConfig {
@@ -159,6 +162,7 @@ impl Default for HikariConfig {
             discord_rpc_enabled: true,
             use_worktree: false,
             disable_1m_context: false,
+            trusted_workspaces: Vec::new(),
         }
     }
 }
@@ -268,6 +272,7 @@ mod tests {
         assert!(config.discord_rpc_enabled);
         assert!(!config.use_worktree);
         assert!(!config.disable_1m_context);
+        assert!(config.trusted_workspaces.is_empty());
     }
 
     #[test]
@@ -302,6 +307,7 @@ mod tests {
             discord_rpc_enabled: true,
             use_worktree: true,
             disable_1m_context: false,
+            trusted_workspaces: vec!["/home/naomi/projects/trusted".to_string()],
         };
 
         let json = serde_json::to_string(&config).unwrap();