I think we should greatly simplify the handling of the current working directory and allowed directories:
- The current directory should be allowed and should be the default working directory for shell and filesystem toolsets. When those tools access `.`, it means the current directory.
- Other directories should be OK for those tools to access too. They will ask for permission anyway.
- It is useful to restrict access to only the working directory. Doing it without a sandbox is probably out of scope for cagent, though.