pub const ENV_WHITELIST: &[&str];Expand description
Environment variables that are inherited from the parent process
when constructing a sandboxed Command. Anything else must be
explicitly added via Command::env.
This whitelist exists to prevent accidental leakage of release
credentials (GITHUB_TOKEN, COSIGN_*, signing keys, etc.) into
arbitrary user-supplied commands.