Restricted mode like in VSCode

[achimnol]

Check for existing issues

• Completed

Describe the feature

In the discussion in python-lsp/pylsp-mypy#95, I found that blindly running LSP configurations that may designate random executable paths in the local system can be a critical security issue.

This is why there is the restricted mode in VSCode: https://code.visualstudio.com/docs/editor/workspace-trust

I think this addition would be great to ensure safety of the Zed users when browsing random code repositories cloned from the web.

Potential design ideas:

• Simply reject loading per-project LSP configurations (.zed/settings.json) if included in the version control (with an explicit warning visible to the user). They should be local, private configurations and .gitignore should exclude them from the source tree. This would be relatively simpler to implement.
• Add a restricted mode like VSCode, starting from preventing loading of LSP plugins. This would require tracking of the list of trusted workspace paths.

Related issues:

• Custom configuration of lsp paths #5135
• Use direnv environment #4977
• Use already installed language server if in $PATH #4978

If I could customize the PATH environment variable used by the LSP servers spawned by Zed (both locally and remotely) in per-project basis, I could workaround python-lsp/pylsp-mypy#95.

Environment

Applies to all Zed versions available now.

If applicable, add mockups / screenshots to help present your vision of the feature

No response