composer-normalize: Normalizing `composer.json` in other directory inconsistency

Steps required to reproduce the problem

1. Having Composer 2.2 with the new allow-plugins feature
2. First composer.json, in the root, perfectly fine:

{
    "require": {
        "ergebnis/composer-normalize": "^2.23.0",
        "phpstan/extension-installer": "^1.1.0"
    },
    "config": {
        "allow-plugins": {
            "ergebnis/composer-normalize": true,
            "phpstan/extension-installer": true
        }
    }
}

1. Second composer.json, in subdirectory foo with a content (clearly, not normalized):

{
    "require": {
        "psr/log" : "*",

        "psr/container" : "*"
    }
}

1. We run in the root composer normalize foo/composer.json

Expected Result

• composer.json in foo is normalized, with no questions asked

Actual Result

Running ergebnis/composer-normalize by Andreas Möller and contributors.

ergebnis/composer-normalize contains a Composer plugin which is currently not in your allow-plugins config. See https://getcomposer.org/allow-plugins
Do you trust "ergebnis/composer-normalize" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?] n
phpstan/extension-installer contains a Composer plugin which is currently not in your allow-plugins config. See https://getcomposer.org/allow-plugins
Do you trust "phpstan/extension-installer" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?] n
Successfully normalized subdirectory/composer.json.

Composer asks for plugins to be allowed (phpstan/extension-installer is only to show that it asks for all, not only about the currently used plugin), having using plugin denied it still normalizes composer.json.

I’d expect normalizing composer.json without any interaction, I’d understood not normalizing it after not allowing the plugins, but this behaviour is super weird.