[FEATURE] Adding --disallowedTools option

[ericproulx]

I always thought that specifying --allowedTools would limit the tooling to ones in the list but in fact its just giving the permission if the agent needs it rather than not having the tool. It will try and fail with a permission required.

Here'a an example:

You can see the difference between allowed_tools and the tools from the system init log.

Now, when running on CI, let's say that I don't want the WebSearch and the WebFetch tools to be available, I would need to pass --disallowedTools WebSearch,WebFetch so that the tools aren't visible to the agent. IMO, I think it's better of not seeing the tool than trying without having the permission and failed.

I hardcoded the values locally and it's not in the system init log.