Description

Brief description of what this PR does and why.

Closes #255

Summary

This PR enhances the plugin trust model by integrating the local CLI configuration (~/.starforge/config.toml) into the plugin source verification process. Previously, plugin trust was evaluated against a hardcoded list of domains. With these changes, organizations and developers can configure their own trusted internal sources (or restrict public ones) via the plugin_trust.trusted_sources config, making plugin installations safer and more flexible in shared environments.

Additionally, this PR cleans up several compiler warnings, unused imports, and type discrepancies across the workspace to ensure a pristine build state.

Changes

• Plugin Commands (src/commands/plugin.rs):
  • Updated the install, load, update, and verify command handlers to retrieve the local Config and evaluate plugin trust using registry::classify_source_with_config.
  • Improved the trust warning UI in plugin install to dynamically iterate and display the user's actual configured trusted sources.
  • Updated plugin verify to prompt the user to check their CLI config when a source is untrusted.
• Documentation (PLUGIN_TRUST.md):
  • Updated documentation to accurately reflect that trusted sources are now managed dynamically via ~/.starforge/config.toml.
• Workspace Cleanup & Fixes:
  • Resolved unused field warnings in TemplateEntry.
  • Fixed TemplateCommands::Install naming conflicts by correctly defining the Import command variant.
  • Fixed borrow checker issue with wallets_to_export during JSON backup generation.
  • Passed the correct commands vector through the registry during plugin update.
  • Removed various unused variables (mem, iterations, parallelism) and unused imports in the tests directory.

Note: Make sure all tests pass locally before submitting:

cargo test
cargo fmt --all
cargo clippy -- -D warnings