extension_host: Add npm:install capability (#35144)

This PR adds a new `npm:install` capability for installing npm packges
in extensions.

Currently all npm packages are allowed.

Release Notes:

- N/A

crates/extension/src/capabilities.rs

@@ -1,7 +1,9 @@
 mod download_file_capability;
+mod npm_install_package_capability;
 mod process_exec_capability;
 
 pub use download_file_capability::*;
+pub use npm_install_package_capability::*;
 pub use process_exec_capability::*;
 
 use serde::{Deserialize, Serialize};
@@ -13,4 +15,6 @@ pub enum ExtensionCapability {
     #[serde(rename = "process:exec")]
     ProcessExec(ProcessExecCapability),
     DownloadFile(DownloadFileCapability),
+    #[serde(rename = "npm:install")]
+    NpmInstallPackage(NpmInstallPackageCapability),
 }

crates/extension/src/capabilities/npm_install_package_capability.rs

@@ -0,0 +1,39 @@
+use serde::{Deserialize, Serialize};
+
+#[derive(Debug, PartialEq, Eq, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "snake_case")]
+pub struct NpmInstallPackageCapability {
+    pub package: String,
+}
+
+impl NpmInstallPackageCapability {
+    /// Returns whether the capability allows installing the given NPM package.
+    pub fn allows(&self, package: &str) -> bool {
+        self.package == "*" || self.package == package
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use pretty_assertions::assert_eq;
+
+    use super::*;
+
+    #[test]
+    fn test_allows() {
+        let capability = NpmInstallPackageCapability {
+            package: "*".to_string(),
+        };
+        assert_eq!(capability.allows("package"), true);
+
+        let capability = NpmInstallPackageCapability {
+            package: "react".to_string(),
+        };
+        assert_eq!(capability.allows("react"), true);
+
+        let capability = NpmInstallPackageCapability {
+            package: "react".to_string(),
+        };
+        assert_eq!(capability.allows("malicious-package"), false);
+    }
+}