Allow certain flags to be required to appear before non-flag arguments

Authored by epriestley on Sep 14 2018, 6:20 PM.

Description

Summary:
Ref T13098. Historically, we've seen some issues (particularly with Mercurial) where naming a branch something like --execute-remote-website=evil.com would evaluate even with "--" in the argument list (see T13012).

We're broadly better about this, but still need to parse arguments in multiple phases, and callers/users aren't always careful about using -- to terminate argument lists.

To reduce the danger of flags like --config, --load-library, etc., allow argument parsing to require that they appear before workflow arguments, so arc --config xyz diff is valid, but arc diff --config xyz is not. This reduces the chance that some user script somewhere which does arc diff %s instead of arc diff -- %s will ever be able to do anything truly dangerous.

Test Plan: See upcoming changes to Arcanist. (This does nothing on its own.)

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13098

Differential Revision: https://secure.phabricator.com/D19675
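
The ordering rule described in the summary above, as an added Python example; it is not libphutil or Arcanist code. The names split_argv, MisplacedFlag and wrapper_argv are hypothetical, and treating both flags as value-taking is an assumption.

```python
# Added illustration, not libphutil/Arcanist code: a two-phase argv split in
# which certain flags are honored only before the first non-flag argument.

# Flag names come from the commit message; that both take a value is an assumption.
PREFIX_ONLY = frozenset({"--config", "--load-library"})


class MisplacedFlag(ValueError):
    """A prefix-only flag appeared after the workflow name."""


def split_argv(argv, prefix_only=PREFIX_ONLY):
    """Return (global_flags, workflow_argv) for argv without the program name."""
    global_flags = {}
    i = 0
    # Phase 1: consume prefix-only flags until the first argument that is not one.
    while i < len(argv):
        name, has_eq, value = argv[i].partition("=")
        if name not in prefix_only:
            break
        if not has_eq:  # "--config xyz" form: the value is the next argument
            i += 1
            if i >= len(argv):
                raise ValueError(f"{name} requires a value")
            value = argv[i]
        global_flags.setdefault(name, []).append(value)
        i += 1

    workflow_argv = argv[i:]
    # Phase 2: the same flags are never evaluated from here on. Before a "--"
    # terminator they are an error; after it they are plain positional data.
    for arg in workflow_argv:
        if arg == "--":
            break
        if arg.partition("=")[0] in prefix_only:
            raise MisplacedFlag(f"{arg!r} must appear before the workflow name")
    return global_flags, workflow_argv


def wrapper_argv(untrusted, terminate):
    """Constructed stand-in for a script running `arc diff %s` or `arc diff -- %s`."""
    return ["diff"] + (["--"] if terminate else []) + [untrusted]
```

With this split, a wrapper that forgets the "--" terminator fails closed on a value such as "--config=x" instead of having it evaluated as a flag.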