Description
AFAICS, the hashes of enabled/trusted hooks (e.g. which you approved through the prompt) are stored inside each individual git hook. This makes sense for repo-local hooks, but this also means that shared hooks, which are used in multiple repos (and especially global shared hooks which are used in all repos) must be approved again separately for each repository that you use.
This is inconvenient, but also a minor security risk: if you end up having to approve hooks all the time, you will likely be quicker to approve and less likely to spot a hook that is not actually from a trusted repo, and it is harder to see whether a hook actually changed or you've just not used (the new version of) the hook in this particular repo yet.
If you keep the trusted hashes globally, you would have to approve a hook only once, which means that whenever you get a prompt, it is either a new or changed hook and you can take a little more time to see if it is from a fully trusted repo and/or inspect the hook itself to see what changed and if it is (still) ok.
Though keeping these hashes globally makes the most sense for shared hooks, for simplicity it could be fine to just store all hook checksums globally. Since the full path is included, this should not change any behaviour, other than producing a bigger file (and slightly changing behaviour when you remove and re-clone a repo, but remembering approvals is then probably just a feature).
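As an added illustration of the proposal (this is not the project's own code and not from the issue author), a minimal user-wide trust store keyed by the hook's full path: a prompt only ever results from a "new" or "changed" verdict, and a shared hook file reached from several repos is approved once. It assumes SHA-256 as the checksum and a constructed `trusted-hooks.json` in a temporary directory; the real project's file format and hash are not specified on the page.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def hook_checksum(hook_path):
    """SHA-256 of the hook file's bytes: the value an approval is bound to."""
    return hashlib.sha256(Path(hook_path).read_bytes()).hexdigest()

class GlobalTrustStore:
    """One user-wide file mapping resolved hook path -> approved checksum.
    Keying by full path keeps repo-local hooks distinct, while a shared hook
    file reached from many repos needs only one approval."""

    def __init__(self, store_file):
        self.store_file = Path(store_file)
        self.entries = {}
        if self.store_file.exists():
            self.entries = json.loads(self.store_file.read_text())

    def check(self, hook_path):
        """Return ('trusted' | 'new' | 'changed', checksum). Only the last two
        warrant a prompt, so every prompt is something worth inspecting."""
        path = str(Path(hook_path).resolve())
        current = hook_checksum(path)
        known = self.entries.get(path)
        if known is None:
            return "new", current
        return ("trusted" if known == current else "changed"), current

    def approve(self, hook_path, checksum):
        self.entries[str(Path(hook_path).resolve())] = checksum
        self.store_file.write_text(json.dumps(self.entries, indent=2, sort_keys=True))

def demo(workdir=None):
    """Constructed scenario: one shared hook reached from two repos, then edited."""
    workdir = Path(workdir or tempfile.mkdtemp())
    shared = workdir / "shared-hooks" / "pre-commit"
    shared.parent.mkdir(parents=True, exist_ok=True)
    shared.write_text("#!/bin/sh\necho 'running lint'\n")
    store = GlobalTrustStore(workdir / "trusted-hooks.json")   # constructed store file
    status, checksum = store.check(shared)          # repo A: first sight -> prompt
    outcomes = [status]
    store.approve(shared, checksum)                  # user approves once
    outcomes.append(store.check(shared)[0])          # repo B, same path -> no prompt
    shared.write_text("#!/bin/sh\necho 'lint and tests'\n")
    outcomes.append(store.check(shared)[0])          # content changed -> prompt again
    return outcomes                                  # ['new', 'trusted', 'changed']
```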