Function setup_dev_allowlist 

pub fn setup_dev_allowlist(
    extra: &[String],
    settings_path: &Path,
) -> Result<(), PawError>

Merges the dev-allowlist preset + extra patterns into the JSON file at settings_path.

Behaviour mirrors crate::supervisor::curl_allowlist::setup_curl_allowlist:

• When settings_path does not exist, a fresh JSON object is created with allowed_bash_prefixes set to effective_patterns applied to extra.
• When the file exists with valid JSON, existing fields are preserved unchanged and missing entries are appended to the allowed_bash_prefixes array.
• When the file exists but is not a JSON object (or allowed_bash_prefixes is not an array), an error is returned and the file is left unchanged.
• Parent directories are created when missing.
• The function never panics.

Errors

Returns PawError::ConfigError when the file cannot be read, contains invalid JSON, has a non-object top level, has a non-array allowed_bash_prefixes, or cannot be written back.