potential security vulnerability: runner should sanitize env before spawning electron-fiddle

[ckerr]

We pass a lot of bugbot's config into the web services via environment variables, including potentially in the future secrets/tokens. When a runner calls spawn() to start electron-fiddle, we should sanitize the environment variables so that none of that is visible to user-supplied test gists.

[MarshallOfSound]

The issue is that just sanitizing the env on the spawned process isn't enough to prevent the spawned process reading that env. E.g. ps e -ww -p {pid} lets you read env for any other pid.

The env of the runner can't contain any secrets at all or the runner needs to run the apps in an even more isolated environment