nimbella/netlify-plugin-nimbella

Security: when run locally, plugin sends all env variables

erezrokah opened this issue · 2 comments

The plugin sets all of process.env variables as secrets:

const envs = {...process.env};

This can leak unwanted variables, especially when run locally.

To reproduce, run netlify build locally with the plugin configured and see the generated env.json file.

You can also run nim action get <action> to see all the env vars added during build time.

@satyarohith the plugin can eschew generating an env file - if the Nimbella project.yml declares env vars, then only those declared and in the environment are bound to the functions. (A missing variable will cause a build failure.)

If the project.yml uses an env file inclusion, perhaps we should leave that responsibility to the user who has to generate the env file in their build script.

The change @satyarohith has made will require Netlify functions deployed as Nimbella functions to declare their environment variables explicitly as part of a subsequent enhancement. For now no variables are captured. Functions deployed as part of a Nimbella project are not affected because bound variables must be explicitly declared already.
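An added example, not code from the plugin or from either commenter, contrasting the reported `{...process.env}` spread with the allowlist approach described above: only variables the project declares are bound, and a declared variable that is absent fails the build. The environment object and the `declared` list are constructed stand-ins; the list represents names taken from project.yml, not a parser for that file.

```javascript
// Constructed sample environment, as a local `netlify build` might see it.
// Only API_TOKEN is meant for the function; the rest are host noise or
// unrelated secrets that the spread would capture as well.
const sampleEnv = {
  NETLIFY: 'true',
  HOME: '/home/dev',
  AWS_SECRET_ACCESS_KEY: 'constructed-example-value',
  API_TOKEN: 'constructed-example-token',
};

// The behaviour reported in the issue: every variable becomes a bound secret.
function leakyEnv(processEnv) {
  return { ...processEnv };
}

// Hardened form: bind only the names the project declares. `declared` is a
// constructed stand-in for the names read from project.yml. A declared name
// that is missing from the environment is a build failure, not a silent skip.
function boundEnv(processEnv, declared) {
  const missing = declared.filter((name) => !(name in processEnv));
  if (missing.length > 0) {
    throw new Error(`Missing declared environment variable(s): ${missing.join(', ')}`);
  }
  return Object.fromEntries(declared.map((name) => [name, processEnv[name]]));
}

// Side by side: the leaky form exposes all four names, the bound form only one.
console.log(Object.keys(leakyEnv(sampleEnv)));
console.log(Object.keys(boundEnv(sampleEnv, ['API_TOKEN'])));
```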