fix(permission): resolve path specificity using longest matching rule #14540

Open
ventsislav-georgiev wants to merge 1 commit into anomalyco:dev from ventsislav-georgiev:fix/permission-next-path-specificity

@ventsislav-georgiev commented Feb 21, 2026

Issue for this PR

Closes #13646, #13872, #11272 (maybe others)

Type of change

  • Bug fix
  • New feature
  • Refactor / code improvement
  • Documentation

What does this PR do?

PermissionNext.ask now evaluates each requested pattern in two forms: the original input and, when relative, a worktree-resolved absolute path. It then picks the decision from the most specific matched rule (longest matched pattern).

This fixes cases where generic wildcard rules could beat path-scoped rules only because a tool supplied a relative path.

How did you verify your code works?

  • bun test test/permission/next.test.ts
  • bun test test/permission-task.test.ts

Added regression tests in packages/opencode/test/permission/next.test.ts:

  • absolute specific allow beats wildcard deny for relative edit path
  • absolute specific deny beats wildcard allow for relative edit path
  • absolute specific allow beats wildcard deny for bash command
  • specific deny beats wildcard allow for bash command

Screenshots / recordings

Not a UI change.

Checklist

  • I have tested my changes locally
  • I have not included unrelated changes in this PR

If you do not follow this template your PR will be automatically rejected.
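The resolution order this PR describes, as an added TypeScript example that is not the PR's diff or opencode's own code: each request is checked as given and as a worktree-resolved absolute path, and the longest matching pattern decides. The names `Rule`, `decide` and `resolveIn`, the simplified `*` glob, the tie-break (later rule wins) and the `ask` default are assumptions, and the rule sets are constructed samples.

```typescript
// Added illustration; Rule, decide and resolveIn are hypothetical names, not opencode's API.
type Action = "allow" | "deny" | "ask"
interface Rule { pattern: string; action: Action }

// Minimal glob (assumption): "*" matches any run of characters, the rest is literal.
function globToRegExp(glob: string): RegExp {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*")
  return new RegExp("^" + escaped + "$")
}

// Resolve a relative path against the worktree, collapsing "." and ".." segments
// so that "src/../secrets/x" is judged as the file it really names.
function resolveIn(worktree: string, p: string): string {
  if (p.charAt(0) === "/") return p
  const out: string[] = []
  for (const seg of (worktree + "/" + p).split("/")) {
    if (seg === "" || seg === ".") continue
    if (seg === "..") out.pop()
    else out.push(seg)
  }
  return "/" + out.join("/")
}

// Check the request in both forms; the longest matching pattern decides.
// Assumptions: ties go to the later rule, and no match at all means "ask".
function decide(rules: Rule[], worktree: string, requested: string): Action {
  const forms = [requested, resolveIn(worktree, requested)]
  let best: Rule | undefined
  for (const rule of rules) {
    const re = globToRegExp(rule.pattern)
    if (!forms.some((f) => re.test(f))) continue
    if (!best || rule.pattern.length >= best.pattern.length) best = rule
  }
  return best ? best.action : "ask"
}

// Constructed sample rule sets mirroring the regression-test cases listed above.
const worktree = "/home/dev/project"
const denyAllAllowSrc: Rule[] = [
  { pattern: "/home/dev/project/src/*", action: "allow" },
  { pattern: "*", action: "deny" },
]
const allowAllDenySecrets: Rule[] = [
  { pattern: "*", action: "allow" },
  { pattern: "/home/dev/project/secrets/*", action: "deny" },
]
```

Because the relative form is normalised before matching, a request such as `src/../secrets/key.pem` is decided by the `secrets` rule rather than by the wildcard.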

@github-actions bot added the needs:compliance label ("This means the issue will auto-close after 2 hours.") Feb 21, 2026
@github-actions

Thanks for your contribution!

This PR doesn't have a linked issue. All PRs must reference an existing issue.

Please:

  1. Open an issue describing the bug/feature (if one doesn't exist)
  2. Add Fixes #<number> or Closes #<number> to this PR description

See CONTRIBUTING.md for details.

@github-actions bot added needs:issue and removed needs:compliance, needs:issue labels Feb 21, 2026
@github-actions

Thanks for updating your PR! It now meets our contributing guidelines. 👍

@ventsislav-georgiev changed the title from "fix(permission): prefer most-specific path rule in ask" to "fix(permission): resolve path specificity using longest matching rule" Feb 21, 2026
@ventsislav-georgiev force-pushed the fix/permission-next-path-specificity branch 2 times, most recently from 4617db2 to 5ea5848, February 21, 2026 11:58
@ventsislav-georgiev force-pushed the fix/permission-next-path-specificity branch from 5ea5848 to 27a1e1b, February 21, 2026 12:01

Development

Successfully merging this pull request may close these issues.

Path-based read permissions not enforced; catch-all rules always take precedence
