Link protection ux is confusing

[miguelsolorio]

When clicking on "Configure Trusted Domains" you are sent to the picker which shows domain that you just clicked on in the list and checked:

This leaves you in a very confused state because it is now checked. So the natural thinking is since it's checked, why did it ask me to open the link? So I cancel the quickpick, click the link again and I get the same message. After inspecting it further, it appears that the "Configure Trusted Domains" actually adds the entry and you have to click on "Ok" to apply it. This is extremely confusing as the user has no idea this was added, this list is always treated as a static list.

Additionally, looking back on our notes from the last ux sync, I thought we all agreed the actions would be: Trust Once, Trust Always, Cancel. And the "Configure" part was going to be a setting? It appears like this isn't reflected at all.

[octref]

That came out of discussion at #78125 (comment)

So the natural thinking is since it's checked, why did it ask me to open the link?

Would it make sense to make the message a bit different so it stands out? For example, everything below the separator -> already trusted domains. Top two options are:

• Open all links without prompt
• Trust new domain https://dev.azure.com and open link (and remove the faded details)

[miguelsolorio]

I don't think the message would improve the UX. Something that could help/improve is to have an action to add a domain when results are empty:

To me, "Configure Trusted Domains" does not equal "Add this domain" so we either should update the button text to indicate it's also adding, and then I'd auto-fill the input field to indicate that it's adding.

[octref]

See See #80595 (comment)