feat(write): add external directory permission check

Without this patch, the write tool had a TODO comment for checking
external directory permissions but the implementation was incomplete.
This meant that write operations to paths outside the working
directory would proceed without requesting user permission.

This is a problem because write operations outside the project
directory could be security-sensitive, and users should be informed
and able to approve or deny such operations.

This patch solves the problem by implementing the external directory
permission check using `ctx.ask()` with the `external_directory`
permission type, following the same pattern used in other tools like
bash. The check includes the parent directory pattern and provides
appropriate metadata for permission message formatting.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Author: Adam Spiers

packages/opencode/src/tool/write.ts

@@ -22,12 +22,18 @@ export const WriteTool = Tool.define("write", {
   }),
   async execute(params, ctx) {
     const filepath = path.isAbsolute(params.filePath) ? params.filePath : path.join(Instance.directory, params.filePath)
-    /* TODO
     if (!Filesystem.contains(Instance.directory, filepath)) {
       const parentDir = path.dirname(filepath)
-      ...
+      await ctx.ask({
+        permission: "external_directory",
+        patterns: [parentDir],
+        always: [parentDir + "/*"],
+        metadata: {
+          filepath,
+          parentDir,
+        },
+      })
     }
-    */
 
     const file = Bun.file(filepath)
     const exists = await file.exists()