buildkite-agent env has --from-env-file and --print flags

[pda]

Adds two flags to the buildkite-agent env command introduced in #1781.

By default, buildkite-agent env loads os.Environ() and prints it as a JSON object; it's mainly intended for internal use to capture a snapshot of environment before a hook runs, and detect changes afterwards.

The new --from-env-file boolean flag sources the environment from the file named by $BUILDKITE_ENV_FILE instead of from os.Environ(), using bufio.Scanner and strconv.Unquote() to safely and correctly parse the quoting/escaping done by %q when the file was written: https://github.com/buildkite/agent/blob/2aaefb699828b512ad62cd7791104b47bad46b96/agent/job_runner.go#L490

The new --print NAME flag causes a single environment value to be printed in its raw unescaped form followed by a newline, instead of printing all vars as a JSON object.

Combined, this solves the problem of safely parsing BUILDKITE_ENV_FILE (which cannot be safely evaluated in a shell if it may contain untrusted user input) to access a single variable, and allows for usage like this in a pre-command hook or similar:

if [[ $(buildkite-agent env --from-env-file --print BUILDKITE_BRANCH) != "main" ]]; then
  echo "This agent only builds branch 'main'"
  exit 42
fi