The settings.json allowlist gives you exactly this kind of granularity. You can permit specific tool patterns like Read, Glob, Grep, Bash(git *) while keeping destructive operations gated. It's not as discoverable as a CLI flag but it's been working well for me for unattended sessions.