Add warning for formula installation from forbidden paths

[Copilot]

When HOMEBREW_FORBID_PACKAGES_FROM_PATHS is enabled and users try to install a formula from a local file path outside of allowed directories, they now receive a helpful warning message instead of silent failure.

No formula file found at /path/to/formula.rb. 
To install a custom formula: (1) Use `brew create <URL>` to create a formula from a URL, 
(2) Use `brew tap-new <user>/<repo>` to create a custom tap. 
See: https://docs.brew.sh/Formula-Cookbook

Changes

• Enhanced path validation: Modified FromPathLoader.try_new to output a warning using opoo when forbid_packages_from_paths is enabled and the path exists but is outside allowed directories
• Improved efficiency: Store path.realpath in a variable to avoid multiple calls
• Clear guidance: Warning message provides actionable alternatives like brew create and brew tap-new without referencing developer mode

Implementation Details

• Warning is only shown when the path actually exists but is forbidden (not for non-existent paths)
• Maintains existing security restrictions while providing better user feedback
• Normal formula installation and existing functionality remain completely unaffected

Testing

Added unit test in formulary_spec.rb to verify the warning is properly displayed when accessing forbidden paths.

Fixes #20441.
Fixes #20448

---

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

[Copilot]

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

• eu-central-1-1.aws.cloud2.influxdata.com
  • Triggering command: /bin/curl --disable --cookie /dev/null --globoff --user-agent Linuxbrew/4.6.3-42-g7b6cba3 (Linux; x86_64 Ubuntu 24.04.2 LTS) curl/8.5.0 --header Accept-Language: en --fail --progress-bar --retry 3 --max-time 3 --header Authorization: Token iVdsgJ_OjvTYGAA79gOfWlA_fX0QCuj4eYUNdb-qVUTrC3tp3JTWCADVNE9HxV0kp2ZjIK9tuthy_teX4szr9A== --header Content-Type: text/plain; charset=utf-8 --header Accept: application/json --data-binary command_run,command=style,ci=true,devcmdrun=true,developer=false options="--fix" 1755096192 --silent --output /dev/null REDACTED (dns block)
  • Triggering command: /bin/curl --disable --cookie /dev/null --globoff --user-agent Linuxbrew/4.6.3-42-g7b6cba3 (Linux; x86_64 Ubuntu 24.04.2 LTS) curl/8.5.0 --header Accept-Language: en --fail --progress-bar --retry 3 --max-time 3 --header Authorization: Token iVdsgJ_OjvTYGAA79gOfWlA_fX0QCuj4eYUNdb-qVUTrC3tp3JTWCADVNE9HxV0kp2ZjIK9tuthy_teX4szr9A== --header Content-Type: text/plain; charset=utf-8 --header Accept: application/json --data-binary command_run,command=style,ci=true,devcmdrun=true,developer=false options="--fix" 1755096211 --silent --output /dev/null REDACTED (dns block)
  • Triggering command: /bin/curl --disable --cookie /dev/null --globoff --user-agent Linuxbrew/4.6.3-42-g7b6cba3 (Linux; x86_64 Ubuntu 24.04.2 LTS) curl/8.5.0 --header Accept-Language: en --fail --progress-bar --retry 3 --max-time 3 --header Authorization: Token iVdsgJ_OjvTYGAA79gOfWlA_fX0QCuj4eYUNdb-qVUTrC3tp3JTWCADVNE9HxV0kp2ZjIK9tuthy_teX4szr9A== --header Content-Type: text/plain; charset=utf-8 --header Accept: application/json --data-binary command_run,command=tests,ci=true,devcmdrun=true,developer=false options="--only=" 1755096240 --silent --output /dev/null REDACTED (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)