fix: allow additional trusted Feature Service hosts for ArcGIS plugin #5

Open
cstirry wants to merge 1 commit into bugfix/s3-terraform-state-bucket-naming from fix/arcgis-allowed-hosts

Conversation

cstirry commented May 11, 2026

Problem
The ArcGIS plugin's _validate_feature_url method only trusts Feature Service URLs hosted on *.arcgis.com or the configured portal_url domain. DC's open data portal (opendata.dc.gov) serves dataset metadata via the Hub API, but the actual Feature Services are hosted on maps2.dcgis.dc.gov — a separate domain. This causes query_data to fail with warnings like:

"Feature service URL host 'maps2.dcgis.dc.gov' is not within allowed domains (*.arcgis.com or opendata.dc.gov)"

Fix
Adds an optional allowed_hosts config field to ArcGISPluginConfig. Any hostnames listed there are trusted in addition to *.arcgis.com and the portal domain. The configure wizard prompts for this value when setting up an ArcGIS plugin, so config.yaml is written correctly without manual editing.

Files changed

plugins/arcgis/config_schema.py — adds allowed_hosts: List[str] field
plugins/arcgis/plugin.py — passes allowed_hosts to _validate_feature_url; updates method to check the list
cli/commands/configure.py — adds a prompt for extra trusted hosts in the ArcGIS wizard step

To configure for DC:
When running opencontext configure, enter maps2.dcgis.dc.gov at the new prompt. Assuming this is unique for all cities, or if not may want to automatically add this instead?

cstirry marked this pull request as ready for review May 11, 2026 17:28

cstirry commented May 11, 2026

Need to update whatever README is relevant for this

cstirry commented May 20, 2026

This approach could definitely be better. For example, at plugin startup, call search_datasets with a broad query, extract unique hostnames from the URL field, and add those as allowed origins for query_data requests. Allowlist would always be derived from actual datasets the instance serves, rather than limited to hardcoded defaults that may not hold for all cities. Eliminates manual configuration.
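
The host check described in the pull request (trust *.arcgis.com, the portal_url host, and any allowed_hosts entries), written out as an added example; it is not code from this pull request or from the project. The function names, the https-only rule, the exact-match treatment of the portal and extra hosts, and the sample URL paths are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Bare DNS hostname only: no scheme, port, path or wildcard.
_HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def normalize_host(value):
    """Lower-case, drop a trailing root dot, and require a bare hostname."""
    host = (value or "").strip().lower().rstrip(".")
    if not _HOSTNAME.match(host):
        raise ValueError(f"not a bare hostname: {value!r}")
    return host

def build_allowlist(portal_url, allowed_hosts=()):
    """Exact-match set: the portal host plus each configured extra host.
    Raises ValueError at config time for entries such as '*.dc.gov'."""
    hosts = {normalize_host(urlsplit(portal_url).hostname)}
    hosts.update(normalize_host(h) for h in allowed_hosts)
    return hosts

def is_trusted_feature_url(url, exact_hosts):
    """True only for an https URL whose parsed host is in exact_hosts
    or is a subdomain of arcgis.com. Anything unparseable is rejected."""
    try:
        parts = urlsplit(url)
        host = normalize_host(parts.hostname)
    except ValueError:
        return False
    if parts.scheme != "https":  # assumption: plain http is not accepted
        return False
    return host in exact_hosts or host.endswith(".arcgis.com")

# Constructed sample URLs (paths are illustrative) with the expected decision.
SAMPLES = [
    ("https://maps2.dcgis.dc.gov/rest/services/X/FeatureServer/0", True),
    ("https://services.arcgis.com/rest/services/X/FeatureServer/0", True),
    ("https://MAPS2.DCGIS.DC.GOV./rest/services/X/FeatureServer/0", True),
    ("https://maps2.dcgis.dc.gov@untrusted.example/FeatureServer/0", False),
    ("https://services.arcgis.com.untrusted.example/FeatureServer/0", False),
    ("https://notarcgis.com/FeatureServer/0", False),
    ("http://maps2.dcgis.dc.gov/FeatureServer/0", False),
]

if __name__ == "__main__":
    allow = build_allowlist("https://opendata.dc.gov", ["maps2.dcgis.dc.gov"])
    for url, expected in SAMPLES:
        print(is_trusted_feature_url(url, allow), expected, url)
```

The comparison runs on the hostname the URL parser extracts, never on a substring of the raw URL, which is why the userinfo and suffix look-alike samples are rejected.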
