Having node_modules/bin on PATH breaks `find -execdir`

[mavant]

find: The relative path `node_modules/bin' is included in the PATH environment variable, which is insecure in combination with the -execdir action of find.  Please remove that entry from $PATH

This warning is only emitted by GNU find, not BSD find, but it's a problem for both.

This is a significant problem since, as per issue #45, there's no obvious way to just remove nodejs from my boxen config. I don't need nodejs, and if I do I can install it some other, less broken way, but I DO need find.

[mavant]

Having a hiera option similar to boxen::environment::relative_bin_on_path would solve the problem, although I'd still argue that this should be false by default.

[blackjid]

The node_modules/bin on the PATH was removed in the latest release.