fortify / github-action

Fortify GitHub Actions

Clean up temporary environment variables #1

Open rsenden opened 9 months ago

rsenden commented 9 months ago

Some actions generate temporary environment variables containing command-line options for subsequent command invocation. These temporary variables should be cleaned up immediately after use.

Some environment variables like _FOD_LOGIN_OPTS contain sensitive data that is now accessible by all subsequent job steps, which potentially include untrusted actions.

Somewhat related, we should document that env: sections containing secrets should ideally be defined at step-level, not job-level, i.e., FOD_PASSWORD env-var should only be available to the (scan) action being invoked, not for all (potentially non-Fortify) steps/actions being run in other steps.
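An added workflow fragment illustrating the two points in this comment (it is not from the Fortify action or this issue): the job-level env: placement that exposes the secret to every later step, beside the step-level placement plus a cleanup step that overwrites a temporary variable through $GITHUB_ENV, since a later step cannot unset a variable an earlier step exported. Action names, the secret name and the reporting action are hypothetical placeholders.

```yaml
# Added example; action names, inputs and secret names are hypothetical.
name: fortify-scan

on: [push]

jobs:
  # Weak pattern: job-level env makes the secret visible to every step,
  # including third-party actions that run after the Fortify step.
  scan-job-level-env:
    runs-on: ubuntu-latest
    env:
      FOD_PASSWORD: ${{ secrets.FOD_PASSWORD }}   # exposed to all steps below
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/fortify-fod-scan@v1       # hypothetical action
      - uses: third-party/some-reporting-action@v1  # hypothetical; can read FOD_PASSWORD

  # Corrected pattern: the secret is scoped to the step that needs it, and any
  # temporary variable the action exported is blanked right after use.
  scan-step-level-env:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Fortify on Demand scan
        uses: example-org/fortify-fod-scan@v1       # hypothetical action
        env:
          FOD_PASSWORD: ${{ secrets.FOD_PASSWORD }} # visible to this step only
      - name: Clean up temporary variables
        if: always()
        shell: bash
        # GITHUB_ENV cannot remove a variable, but NAME= overwrites it with an
        # empty value for every later step in the job.
        run: echo "_FOD_LOGIN_OPTS=" >> "$GITHUB_ENV"
      - name: Verify nothing is left in the environment
        shell: bash
        run: |
          if [ -n "${FOD_PASSWORD:-}" ] || [ -n "${_FOD_LOGIN_OPTS:-}" ]; then
            echo "sensitive variable still present in env" >&2
            exit 1
          fi
      - uses: third-party/some-reporting-action@v1  # hypothetical; sees no secret
```

The verification step is a guard a workflow author can keep permanently; it fails the job if a scan step or action forgot to blank its temporary variables.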

rsenden commented 1 month ago

This should have been (mostly) fixed now, but we should do another round to review whether we're correctly cleaning up all environment variables, and whether we've documented the recommendations regarding potentially sharing confidential values with non-Fortify steps through environment variables.