Ability to mark a plugin as Dangerous/destructive #2604
Description
Is your feature request related to a problem? Please describe.
I heavily use read only mode to prevent fat-fingering a modification to my cluster when I just want to browse it; this works great for built-in actions, but all plugins can still be run. I've set my destructive ones to confirm: true but would prefer to have them inaccessible in read only mode, especially since I sometimes share my plugin definitions with others.
Describe the solution you'd like
An additional optional boolean field dangerous in plugin definitions, that will remove the plugin from the actions list if k9s is in read only mode.
Describe alternatives you've considered
I did look into if there was a way to deduce read/write mode from scope but couldn't find one. I also briefly considered writing a wrapper script that changed my plugin configuration live on disk based on the --write flag, but that seemed a bit out there and wouldn't work for having multiple clusters open in different k9s instances.