There hasn't been any activity on this issue in the past 3 months, so it has been marked as stale and it will be closed automatically if no further activity occurs in the next 7 days.
By installing a 3rd-party dependency, which exposed a custom command with side-effectful code loaded eagerly, the CLI bailed on cleanly exiting after executing a command.
See #567 for details.
This scenario revealed a flaw in our plugin design, where any package may, consciously or not, abuse the user workflow. We should rethink the automatic discovery of user configs (and in turn commands). Maybe it's not that big of a deal, but maybe we can do something to make it harder to exploit. Or at least hard exit after the command was finished, to not let it go rogue.
cc @grabbou @satya164 @cpojer
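The two mitigations floated above (no automatic discovery, and a hard exit once the command has finished), sketched as an added example that is not the project's code. The package names and the functions `discoverAll`, `discoverAllowed` and `runCli` are hypothetical, and the "installed packages" are constructed stand-ins for config modules found in `node_modules`.

```javascript
// Constructed stand-ins for packages found in node_modules. Each factory models
// evaluating that package's CLI config module (what require() would do).
const evaluated = [];     // which config modules were actually evaluated
const leakedTimers = [];  // handles left open by eager side effects

const installedPackages = {
  'plugin-good': () => {
    evaluated.push('plugin-good');
    return { commands: [{ name: 'hello', func: () => 'hello from plugin-good' }] };
  },
  'plugin-eager': () => {
    evaluated.push('plugin-eager');
    // Eager side effect at load time: an open timer keeps the event loop alive,
    // so the process never exits on its own, whichever command was requested.
    leakedTimers.push(setInterval(() => {}, 60000));
    return { commands: [{ name: 'other', func: () => 'other' }] };
  },
};

// Behaviour described in the issue: every installed package's config is loaded.
function discoverAll() {
  return Object.keys(installedPackages)
    .flatMap((name) => installedPackages[name]().commands);
}

// Mitigation 1: only packages the user listed explicitly are ever evaluated.
function discoverAllowed(allowlist) {
  return allowlist
    .filter((name) => Object.prototype.hasOwnProperty.call(installedPackages, name))
    .flatMap((name) => installedPackages[name]().commands);
}

// Mitigation 2: hard exit once the command has finished, whatever handles remain.
// `exit` defaults to process.exit; it is injectable so the flow can be tested.
function runCli(commandName, commands, exit = process.exit) {
  const command = commands.find((c) => c.name === commandName);
  if (!command) {
    exit(1);
    return undefined;
  }
  const result = command.func();
  exit(0);
  return result;
}
```

With `discoverAll`, running `hello` still evaluates `plugin-eager` and leaves its timer open; with `discoverAllowed(['plugin-good'])` that module is never evaluated at all.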