Reduce visibility of deployment variables inside PDS caller scripts

:warning: Important information:

With #3220 we no longer use PDS_SCRIPT_ENV_WHITELIST but provide the functionality via pds config entry env-whitelist.

Situation

PDSExecutionCallable does currently only add calculated parts to the process environment of the PDS caller script and executes it.

But... the scripts have access to any environment variable of the PDS server. This is a security flaw.

Wanted

The scripts shall have no access to sensitive data.

Solution

we clear everything from environment map except
- standard whitelisted environment variables
- HOME
- HOSTNAME
- PATH
- PWD
- TERM
- UID
- USER
- values inside PDS_SCRIPT_ENV_WHITELIST
- it contains comma separated values
- it is possible to define explicit accepted environment variable names
- it is also possible to use asterisk for accepted variable names - e.g. PDS_STORAGE_* would accept PDS_STORAGE_S3_SOMETHING, PDS_STORAGE_S3_OTHER etc. as white listed (just for convenience when a group of variables shall be accepted)
we add calculated parts

For some special PDS solutions like prepare-solution which need special parts must add those parts to their whitelist. So the responsibility is not inside the script but at PDS side and secure per default

mercedes-benz / sechub