git: Fix commit message generation in untrusted projects and block external diff (#51323) (cherry-pick to preview)

[zed-zippy]

Cherry-pick of #51323 to preview

---

When on a untrusted project, if one was to try and use the commit
generation functionality, the command would fail because of the -c diff.external configuration provided in GitBinary::build_command, as
git would interpret this as "" and try to run that command.

This -c diff.external is a good safeguard to have on untrusted
repositories because it prevents random commands, configured in
.git/config from being run. For example, if one uses git config diff.external "touch bananas.txt" and then run git diff, a new
bananas.txt file would be created.

However, it was still possible to bypass this safeguard using the
following strategy:

1. Specify a custom diff for a specific file format. For example, for
   markdown files, with printf '*.md diff=pwned\n' > .gitattributes
2. Update the command run by the pwned diff, for example, git config diff.pwned.command "touch bananas.txt"
3. Open Zed and attempt to generate a commit message in an untrusted
   repository and check that a new bananas.txt file was created

This is only prevented by using the --no-ext-diff flag on the diff
command, so a new GitBinary::build_diff_command has been introduced
which simply wraps GitBinary::build_command and adds the
--no-ext-diff flag, if necessary.

As a side-effect, this also makes it so that generating a commit message
in an untrusted repository works again, which was accidentally broken on
#50649 .

Before you mark this PR as ready for review, make sure that you have:

• Added a solid test coverage and/or screenshots from doing manual
  testing
• Done a self-review taking into account security and performance
  aspects
• Aligned any UI changes with the UI
  checklist

Release Notes:

• Fixed commit message generation in untrusted repositories