Support restricting groups.<group>.subcommands to specific allowed subcommands

[BlackRandomCraft]

Is your feature request related to a problem? Please describe.
Currently, when a command (e.g., /cmi) is allowed in groups.<group>.commands, all its subcommands are also effectively allowed unless manually filtered. There’s no straightforward way to block all subcommands by default and allow only a specific one.

Describe the solution you'd like
I’d like groups.<group>.subcommands to act as a whitelist. For example:

• /cmi is allowed in commands
• All /cmi subcommands are blocked by default
• Only /cmi tpa is allowed

Additionally, it would be great to support arguments in subcommands (e.g., $1 for player input), so that rules like /cmi tpa $1 could be configured directly in the allowlist.

Describe alternatives you've considered
The only current workaround is to allow the command and then manually check subcommands and arguments in code, which is unintuitive and cumbersome.

Additional context
This feature would make permission management more explicit and prevent unintended access to other subcommands. It would also simplify setups where only a single subcommand (with optional arguments) should be available to a group.

[YouHaveTrouble]

If you're suffering from CMI brainrot "alias" commands directing to /cmi , consider disabling cmi "alias" system entirely and write the aliases you need in commands.yml in your main server directory

[BlackRandomCraft]

If you're suffering from CMI brainrot "alias" commands directing to /cmi , consider disabling cmi "alias" system entirely and write the aliases you need in commands.yml in your main server directory

With /cmi, I just gave an example.
Now I want to allow only /eas give, and to do that, I have to catch the other /eas subcommands and add them to groups.<group>.subcommands in order to block them.