bug#44837: 28.0.50; Local-variables: in middle of file wants to get executed

[Jean Louis <bugs@gnu.support>]

I am proposing following changes to the dialogue with unsafe
variables:

- to include on minibuffer the option ? to READ MANUAL and lead user
  to the section 49.2.4.2 Safety of File Variables where there are
  dangerous to data cited

- to make the dialogue window with cursor rather than without any
  cursor how it is now, so that user can click on buttons pointing to
  the above manual page

- to designate some parts as shown below to be buttons to the manual
  page clickable both from console and from X Emacs

- to give user option to permanently mark specific file or directory
  variables as unsafe and not to be asked again to accept them over
  and over again as that makes unfair choice to user

- if user clicks ? or C-g or tries to escape or anything else but Y or
  !, then the dialogue should fail and file get loaded just as
  usual. Upon the next opening of the file everything should go as
  usual.

- to add section in the tutorial that references that variables should
  not be opened as nothing about these issues is written in the
  tutorial. One could say that before accepting any variables user
  shall read the manual section 49.2.4.2 Safety of File Variables, and
  until full understanding is achieved user is advised not to accept
  such variables.

From the current template:
==========================

The local variables list in /home/data1/protected/x
contains values that may not be safe (*).

Do you want to apply it?  You can type
y  -- to apply the local variables list.
n  -- to ignore the local variables list.
!  -- to apply the local variables list, and permanently mark these
      values (*) as safe (in the future, they will be set automatically.)

  * eval : (when (and (buffer-file-name) (not (file-directory-p (.......

Proposed hyperlinks to manual page:
===================================

The local variables list in /home/data1/protected/x
    ^^^^^^^^^^^^^^^
contains values that may not be safe (*).
         ^^^^^^      ^^^^^^^^^^^^^^^^^^^
Do you want to apply it?  You can type
y  -- to apply the local variables list.
         ^^^^^^^^^^^^^^^^^^^^^^^^^
n  -- to ignore the local variables list.
!  -- to apply the local variables list, and permanently mark these
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      values (*) as safe (in the future, they will be set automatically.)

  * eval : (when (and (buffer-file-name) (not (file-directory-p (.......
    ^^^^^^

- to give to user option to permanently NOT mark these values to be
  accepted, as the choice above is inclined to accept variables and it
  makes users error prone to accept unsafe variables, but it does not
  give option to permanently mark those as unsafe.

  This is more important for dir local variables where user may be
  asked many times to accept variables.

  Being asked 20 times will make user finally permanently accept
  variables.

  But user has no visible way to permanently ignore those variables.

- safety for millions of users who do not use Emacs Lisp or who may
  not be programmers.



Reasons:
========

- Emacs assumes wrongly that millions of users will know the meanings
  of "variable", "value", "apply" variable, "eval" and "safe",
  including the meanings of all of the Emacs Lisp that may be shown
  after eval: line and that seem not to be user friendly

- to follow the principle of being self-documenting one shall give
  hyperlinks or references to documentation, thus giving user the
  actual informed choice.

- right now user does not have informed choice and is coerced to
  permanently accept variables.

More references:

https://lists.gnu.org/archive/html/emacs-orgmode/2020-11/msg00609.html

https://lists.gnu.org/archive/html/emacs-orgmode/2020-11/msg00633.html

Here are references of confused users on Stack-something:
https://lists.gnu.org/archive/html/emacs-orgmode/2020-11/msg00655.html

https://lists.gnu.org/archive/html/emacs-orgmode/2020-11/msg00665.html