docs: specify that allow-env and allow-run can have allow lists (#10918)

docs/getting_started/permissions.md

@@ -18,8 +18,10 @@ deno run --allow-read mod.ts
 The following permissions are available:
 
 - **-A, --allow-all** Allow all permissions. This disables all security.
-- **--allow-env** Allow environment access for things like getting and setting
-  of environment variables.
+- **--allow-env=\<allow-env\>** Allow environment access for things like getting
+  and setting of environment variables. Since Deno 1.9, you can specify a
+  optional, comma-separated list of environment variables to provide an
+  allow-list of allowed environment variables.
 - **--allow-hrtime** Allow high-resolution time measurement. High-resolution
   time can be used in timing attacks and fingerprinting.
 - **--allow-net=\<allow-net\>** Allow network access. You can specify an
@@ -30,9 +32,11 @@ The following permissions are available:
 - **--allow-read=\<allow-read\>** Allow file system read access. You can specify
   an optional, comma-separated list of directories or files to provide an
   allow-list of allowed file system access.
-- **--allow-run** Allow running subprocesses. Be aware that subprocesses are not
-  run in a sandbox and therefore do not have the same security restrictions as
-  the deno process. Therefore, use with caution.
+- **--allow-run=\<allow-run\>**Allow running subprocesses. Since Deno 1.9, You
+  can specify an options, comma-separated list of subprocesses to provide an
+  allow-list of allowed subprocesses. Be aware that subprocesses are not run in
+  a sandbox and therefore do not have the same security restrictions as the deno
+  process. Therefore, use with caution.
 - **--allow-write=\<allow-write\>** Allow file system write access. You can
   specify an optional, comma-separated list of directories or files to provide
   an allow-list of allowed file system access.