Add support for `-E` (`--preserve-env`)

[bk2204]

trafficstars

Describe the feature you'd like see implemented in sudo-rs sudo supports the -E (--preserve-env) option. This should be supported in sudo-rs.

What problem can be solved with this feature? The Git CI currently requires this feature and the lack of it causes tests to fail.

It is also generally useful for cases where one needs to use an SSH or GnuPG agent, which must have the socket and askpass passed through. There also may be the need to talk to the display, TTY, or DBus connection in order to prompt appropriately, and the combination of setting all these environment variables manually makes it too difficult to specify all of the values separately.

Finally, when working inside a restricted development environment such as a GitHub Codespace, it is often necessary to spawn a root process with many environment variables, such as the Codespace name, secrets, GITHUB_TOKEN, and other secrets too numerous to mention specifically. In this situation, there is no effective security boundary between the user and root, since it's a single-user machine.

Describe alternatives you've considered Continue using sudo.

Use env -0 | sudo xargs -0 env -i or the like, which is equivalent and possible even without keep_env, but consumes standard input, is error-prone, and just worse in every way.

Additional context I know that some people don't consider this feature a good idea, but it's widely used and it's unlikely distros (and therefore, most users) will be able to replace the C sudo with sudo-rs without it. I would like to use sudo-rs instead of C sudo, but the lack of this feature prevents me from doing so.

/cc https://github.com/trifectatechfoundation/sudo-rs/issues/129