Tell rustc wrappers which envs to pass through to allow env sandboxing #14444

Closed
@fenollp

Description

Problem

In the process of creating a $RUSTC_WRAPPER I realize it needs to know which environment variables build scripts and crates read in order to pass them down to my calls to rustc (and not pass other, possibly sensitive, envs).

These envs can be set in config as the rustc-env map cc https://doc.rust-lang.org/cargo/reference/config.html

These are also set when executing build scripts that output cargo::rustc-env=VAR=VALUE directives cc https://doc.rust-lang.org/cargo/reference/build-scripts.html#rustc-env

Proposed Solution

A simple solution could be for cargo to set an env when calling rustc (or just when calling a $RUSTC_WRAPPER).
This env only needs to contain environment variable names (these are already set in env by cargo).

I propose to set CARGO_BUILD_SETS_ENVS to a list of space-separated env names (or =-separated, both are illegal in var names).

E.g. compiling the crate self_update would set CARGO_BUILD_SETS_ENVS=HOST_PLATFORM TARGET_PLATFORM
cf https://github.com/Shnatsel/current_platform/blob/57c123569e12f55c2111046f97294750f12c467d/src/build.rs

Notes

I propose .._SETS_ENVS as I'd also like .._READS_ENVS for names corresponding to cargo::rerun-if-env-changed=NAME but this feature request requires further exploration on my part and a whole new discussion.

There is probably other information that my $RUSTC_WRAPPER should have access to (e.g. LD_PRELOADed things, ...). Maybe you have opinions, ideas on this. I'm just not done exploring yet.
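
The wrapper side of this proposal, as an added example that is not code from the issue or from Cargo: it clears the environment and forwards to rustc only a baseline set, Cargo's own CARGO_* variables, and the names listed in the proposed CARGO_BUILD_SETS_ENVS (accepting both separators mentioned above). The baseline list, the CARGO_* pass-through and the function names are assumptions; CARGO_BUILD_SETS_ENVS is the variable proposed in this issue, not a documented Cargo feature.

```rust
use std::collections::BTreeMap;
use std::env;
use std::process::{exit, Command};

// Assumed baseline the wrapper always forwards (not from the issue).
const BASELINE: &[&str] = &["PATH", "HOME", "TMPDIR"];

/// Names listed in the proposed (hypothetical) CARGO_BUILD_SETS_ENVS value;
/// accepts the space-separated and the `=`-separated form.
fn parse_names(list: &str) -> Vec<&str> {
    list.split(|c: char| c.is_whitespace() || c == '=')
        .filter(|n| !n.is_empty())
        .collect()
}

/// Keep only baseline names, CARGO_* (assumed), and names from the list.
fn sandbox_env<I>(vars: I, sets_envs: &str) -> BTreeMap<String, String>
where
    I: IntoIterator<Item = (String, String)>,
{
    let listed = parse_names(sets_envs);
    vars.into_iter()
        .filter(|(k, _)| {
            BASELINE.contains(&k.as_str())
                || k.starts_with("CARGO_")
                || listed.contains(&k.as_str())
        })
        .collect()
}

fn main() {
    // Cargo invokes the wrapper as: $RUSTC_WRAPPER <rustc> <args...>
    let mut args = env::args_os().skip(1);
    let Some(rustc) = args.next() else {
        eprintln!("usage: wrapper <rustc> [args...]");
        exit(2);
    };
    let list = env::var("CARGO_BUILD_SETS_ENVS").unwrap_or_default();
    // env::vars() panics on non-UTF-8 entries; skip those instead.
    let vars = env::vars_os()
        .filter_map(|(k, v)| Some((k.into_string().ok()?, v.into_string().ok()?)));
    let status = Command::new(rustc)
        .args(args)
        .env_clear()
        .envs(sandbox_env(vars, &list))
        .status()
        .expect("failed to run rustc");
    exit(status.code().unwrap_or(1));
}
```

Without the list, the wrapper has no way to know that HOST_PLATFORM and TARGET_PLATFORM must survive the filter, which is the gap the issue describes.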

Metadata

    Labels

    A-build-execution (Area: anything dealing with executing the compiler)
    A-build-scripts (Area: build.rs scripts)
    A-configuration (Area: cargo config files and env vars)
    C-feature-request (Category: proposal for a feature. Before PR, ping rust-lang/cargo if this is not `Feature accepted`)
    S-needs-info (Status: Needs more info, such as a reproduction or more background for a feature request.)
