Add Security to agent mode docs #8571
Description
We need to update agent docs to have a section just for Security. That section needs to make it clear that agent automatically writes files on disk. This needs to be written with a security perspective in mind (e.g. users need to be carefully since code on disk could trigger a watch task that ends up executing something malicious).
Also needs to be clear that user is in control by approving / rejecting tool calls. And how this works well with workspace trust - e.g. users should only use agent mode in workspace they trust.
Here are good docs that we should be inspired by https://docs.anthropic.com/en/docs/claude-code/security
fyi @joaomoreno