When someone has --allow-write, it's possible to just overwrite the location of an allowed binary:
```ts
#!/usr/bin/env -S deno run --allow-write --allow-run=/tmp/binary
// NEW_BINARY stands for whatever bytes the script chooses to write (placeholder)
Deno.writeFileSync("/tmp/binary", NEW_BINARY);
new Deno.Command("/tmp/binary").output();
```
Additionally, symlink creation requires --allow-write, so someone could also re-point a symlink wherever they like (though at that point they could just write whatever bytes they want into the allowed binary directly). If someone wants to prevent execution of arbitrary user-written subprocesses, they must not allow writes to any file that is in the allow-run list, nor to any file that an entry in the allow-run list symlinks to.
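The check described above, written out as an added example (this is not code from the Deno project): given the `--allow-run` entries and the `--allow-write` grants, it follows symlinks anywhere in each binary's path and reports every run-allowed binary whose file, or any link on the way to it, sits under a write-allowed path. The symlink table, sample paths and the `auditRunAgainstWrite`/`resolutionChain` names are all constructed here; real filesystem lookups (and resolving bare command names through PATH) are assumed to happen before the table is built.

```typescript
// Added example, not Deno project code: audit whether --allow-write grants
// could be used to replace anything an --allow-run entry resolves to.
// Symlinks come from a constructed table so the check runs offline.

type SymlinkTable = Record<string, string>; // link path -> absolute target (assumption: POSIX, absolute)

interface Finding {
  binary: string;   // the --allow-run entry
  writable: string; // path in its resolution chain that is covered by a write grant
  via: string;      // the --allow-write entry that covers it
}

/** Collapse duplicate separators and drop a trailing slash; "/" stays "/". */
function normalize(p: string): string {
  const out = p.replace(/\/+/g, "/").replace(/\/$/, "");
  return out === "" ? "/" : out;
}

/** True when `path` is `root` itself or lies beneath it (Deno grants are directory-scoped). */
function isWithin(path: string, root: string): boolean {
  const p = normalize(path);
  const r = normalize(root);
  return p === r || r === "/" || p.startsWith(r + "/");
}

/**
 * Expand symlinks in any component of `path` (a symlinked parent directory
 * counts too) and return every distinct path visited, original first.
 * Bounded by maxDepth and a seen-set so a symlink loop terminates.
 */
function resolutionChain(path: string, links: SymlinkTable, maxDepth = 40): string[] {
  const chain = [normalize(path)];
  let current = chain[0];
  for (let depth = 0; depth < maxDepth; depth++) {
    const parts = current.split("/").filter(Boolean);
    let next: string | undefined;
    for (let i = 1; i <= parts.length; i++) {
      const prefix = "/" + parts.slice(0, i).join("/");
      const target = links[prefix];
      if (target !== undefined) {
        const rest = parts.slice(i).join("/");
        next = normalize(rest ? `${target}/${rest}` : target);
        break; // rescan from the start with the expanded path
      }
    }
    if (next === undefined || chain.includes(next)) break;
    chain.push(next);
    current = next;
  }
  return chain;
}

/** Report each run-allowed binary that a write grant could replace, directly or via a symlink. */
function auditRunAgainstWrite(
  allowRun: string[],
  allowWrite: string[] | "all", // "all" models a bare --allow-write with no path list
  links: SymlinkTable,
): Finding[] {
  const findings: Finding[] = [];
  for (const binary of allowRun) {
    for (const visited of resolutionChain(binary, links)) {
      if (allowWrite === "all") {
        findings.push({ binary, writable: visited, via: "(unrestricted --allow-write)" });
        break;
      }
      const via = allowWrite.find((w) => isWithin(visited, w));
      if (via !== undefined) {
        findings.push({ binary, writable: visited, via });
        break;
      }
    }
  }
  return findings;
}

// Constructed sample: one binary is directly under a writable directory, one is
// reached through a symlink into a writable directory, one is safe.
const SAMPLE_LINKS: SymlinkTable = { "/usr/local/bin/tool": "/opt/tool/bin/tool" };
const SAMPLE_RUN = ["/tmp/binary", "/usr/bin/git", "/usr/local/bin/tool"];
const SAMPLE_WRITE = ["/tmp", "/opt"];

for (const f of auditRunAgainstWrite(SAMPLE_RUN, SAMPLE_WRITE, SAMPLE_LINKS)) {
  console.log(`${f.binary}: ${f.writable} is writable through --allow-write=${f.via}`);
}
```

The audit is deliberately conservative: any write grant that covers the symlink itself, one of its parent directories, or the final target is reported, since each of those lets the bytes that `Deno.Command` ends up executing be swapped.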