docs: document implicit CLI behaviors (localhost keyword, enterprise auto-detection)

[Mossaka]

Summary

The CLI reference doesn't document several implicit behaviors that affect how the CLI works in practice.

Undocumented behaviors

1. localhost keyword in --allow-domains

Using localhost in --allow-domains triggers special behavior:

• Replaces localhost with host.docker.internal
• Auto-enables --enable-host-access
• Auto-configures common development ports: 3000, 3001, 4000, 4200, 5000, 5173, 8000, 8080, 8081, 8888, 9000, 9090

This is a significant convenience feature for local development that users should know about.

2. Auto-detected enterprise domains

AWF automatically adds enterprise domains to the allowlist based on environment:

• GHEC (GitHub Enterprise Cloud): Detects *.ghe.com tenants from GITHUB_SERVER_URL and auto-adds tenant domain, api.*, copilot-api.*, and copilot-telemetry-service.* subdomains
• GHES (GitHub Enterprise Server): When ENGINE_API_TARGET is set, auto-adds base domain, api subdomain, and Copilot-related domains

3. Protocol-specific domain filtering

Briefly mentioned but not well explained:

• https://domain.com — allows HTTPS only
• http://domain.com — allows HTTP only
• domain.com (bare) — allows both HTTP and HTTPS

4. Wildcard pattern matching

Mentioned but examples are minimal. Should document:

• *.example.com — matches any subdomain
• api-*.example.com — pattern matching within subdomain labels