Add confirmation prompt for URL-based extension installs #2744

@mnriem

Description

Summary

specify extension add <name> --from <url> bypasses the catalog trust boundary — the user's configured extension catalogs are the primary mechanism for establishing trust in extension sources. Installing from an arbitrary URL sidesteps that entirely, but the current CLI only prints a warning and proceeds silently.

Change

Add a default-deny confirmation prompt ([y/N]) with a yellow warning panel when installing extensions via --from <url>. This ensures the user consciously acknowledges they are leaving the trusted catalog path.

The prompt displays:

  • A yellow-bordered panel titled "⚠ Untrusted Source"
  • The URL being installed from
  • A reminder to only install from trusted sources
  • A [y/N] prompt that defaults to No (user must type y to proceed)

Rationale

Remote path                  Protection
--from <url>                 HTTPS enforced + yellow panel + default-deny prompt (new)
Catalog download             User explicitly configured catalogs; install_allowed policy enforced
ZIP extraction (both paths)  Zip Slip protection — all member paths validated before extraction

The catalog path doesn't need a prompt because the user already established trust by adding that catalog to their config. The --from path bypasses that trust decision, which is why it needs the confirmation.
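The shape of the --from <url> guard described above, as an added example that is not the project's CLI code. It uses only the standard library (no rich/typer), so the panel is drawn with box characters instead of a rich Panel; the function names, the ANSI colouring, and the ask/interactive parameters are assumptions for illustration. The security-relevant details are the three decisions a practitioner will want to check in the real implementation: non-HTTPS sources are rejected before any prompt, an empty answer (just Enter), EOF, or anything other than an explicit y/yes declines, and a non-interactive session (CI, piped stdin) cannot silently pass the prompt.

```python
"""Default-deny confirmation before installing an extension from --from <url>.

Added example, not the project's own code: stdlib only, with hypothetical
function names and a plain-text stand-in for the yellow warning panel.
"""
import sys
from typing import Callable, Optional, TextIO
from urllib.parse import urlparse

PANEL_TITLE = "⚠ Untrusted Source"
YELLOW, RESET = "\033[33m", "\033[0m"  # ANSI yellow for the panel border (assumed styling)


def require_https(url: str) -> str:
    """Reject anything that is not an https:// URL with a host.

    Plain http:// (network attacker can swap the archive) and file:// or
    scheme-less strings must never reach the prompt, let alone the download.
    """
    parsed = urlparse(url)
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError(f"refusing non-HTTPS extension source: {url!r}")
    return url


def render_warning_panel(url: str, colour: bool = False) -> str:
    """Build the bordered panel: title, the source URL, and the trust reminder."""
    body = [
        "Installing from a URL bypasses your configured extension catalogs.",
        f"Source: {url}",
        "Only install extensions from sources you trust.",
    ]
    width = max(len(PANEL_TITLE) + 1, max(len(s) for s in body))
    top = "┌─ " + PANEL_TITLE + " " + "─" * (width - len(PANEL_TITLE) - 1) + "┐"
    rows = ["│ " + s.ljust(width) + " │" for s in body]
    bottom = "└" + "─" * (width + 2) + "┘"
    lines = [top, *rows, bottom]
    if colour:
        lines = [YELLOW + line + RESET for line in lines]
    return "\n".join(lines)


def parse_answer(answer: Optional[str]) -> bool:
    """Default deny: only an explicit y/yes proceeds.

    Enter (empty string), 'n', EOF (None) or any other text declines.
    """
    if answer is None:
        return False
    return answer.strip().lower() in {"y", "yes"}


def confirm_untrusted_install(
    url: str,
    ask: Callable[[str], str] = input,
    out: TextIO = sys.stdout,
    interactive: Optional[bool] = None,
) -> bool:
    """Return True only if the user consciously accepted the --from <url> install."""
    require_https(url)
    if interactive is None:
        interactive = sys.stdin.isatty()
    out.write(render_warning_panel(url, colour=interactive and out.isatty()) + "\n")
    if not interactive:
        # No terminal to ask on (CI, piped stdin): refuse rather than assume consent.
        out.write("Refusing to install from an untrusted URL without confirmation.\n")
        return False
    try:
        answer = ask("Install from this untrusted source? [y/N]: ")
    except EOFError:
        answer = None  # Ctrl-D at the prompt counts as "No"
    return parse_answer(answer)


if __name__ == "__main__":
    # Constructed sample source for a stand-alone run; pass a real URL as argv[1].
    source = sys.argv[1] if len(sys.argv) > 1 else "https://example.com/my-extension.zip"
    accepted = confirm_untrusted_install(source)
    print("proceeding with install" if accepted else "aborted")
    sys.exit(0 if accepted else 1)
```

Wiring this into the --from code path means calling confirm_untrusted_install before the download starts, not after the archive is on disk, so a declined prompt leaves nothing behind; the Zip Slip validation on extraction stays as a separate, independent check.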
