pub fn check_fs_permission(
ctx: &ModuleContext<'_>,
permission: Permission,
path: &str,
) -> Result<(), String>Expand description
Check permission and enforce filesystem path scope constraints.
After verifying the base permission (FsRead, FsWrite, or FsScoped),
checks ScopeConstraints::allowed_paths when present. If the scope
constraints list paths, the target path must match at least one (prefix
match). An empty allowed_paths list means all paths are permitted.