go-witness
[Feat]: Extensibility for the environment attestor
Describe the solution you'd like:
A way to add environment variables to the default denylist, or a way to optionally only attest a specified list of environment variables.
User value:
Some environments may have sensitive information stored in environment variables which are not covered in the denylist now. Using the environment attestor will store them in recoverable plaintext in generated attestations.
Expected behavior:
Environment variables can be selectively denied or allowed to be attested.
Proposed solution:
Add a flag to decide between allowlist / denylist, and another flag to append to either list for later filtering.
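As an added illustration of the filtering the proposed flags would drive (this is example code written for this page, not code from go-witness or from the issue author), the snippet below builds an environment filter from a mode flag and a list of extra entries, then decides for each `KEY=VALUE` pair whether its value may be recorded. The type and function names (`EnvFilter`, `NewEnvFilter`, `Apply`), the constructed `DefaultDenyList`, and the use of `path.Match` globs such as `*_PASSWORD` are all assumptions made for the example; the real attestor's default list and API may differ. Withheld variables are reported by name only, so an attestation can show that a variable existed without leaking its value.

```go
package main

import (
	"fmt"
	"path"
	"sort"
	"strings"
)

// FilterMode selects whether the configured list names variables to drop
// (deny) or the only variables to keep (allow).
type FilterMode int

const (
	ModeDeny FilterMode = iota
	ModeAllow
)

// DefaultDenyList is a constructed sample of secret-bearing variable names;
// a real attestor would ship its own default list. Entries may be exact
// names or path.Match-style globs (assumption for this example).
var DefaultDenyList = []string{
	"AWS_SECRET_ACCESS_KEY",
	"GITHUB_TOKEN",
	"*_PASSWORD",
}

// EnvFilter holds the effective configuration built from the proposed flags.
type EnvFilter struct {
	Mode     FilterMode
	Patterns []string
}

// NewEnvFilter builds a filter. In deny mode the extra entries are appended
// to the default denylist; in allow mode only the extra entries are used,
// because an allowlist has no sensible default.
func NewEnvFilter(mode FilterMode, extra []string) EnvFilter {
	f := EnvFilter{Mode: mode}
	if mode == ModeDeny {
		f.Patterns = append(f.Patterns, DefaultDenyList...)
	}
	f.Patterns = append(f.Patterns, extra...)
	return f
}

// matches reports whether a variable name hits any configured pattern.
// Names are compared case-sensitively, as POSIX environments are.
func (f EnvFilter) matches(name string) bool {
	for _, p := range f.Patterns {
		if ok, err := path.Match(p, name); err == nil && ok {
			return true
		}
	}
	return false
}

// Apply takes "KEY=VALUE" entries in the shape os.Environ returns and gives
// back the variables that may be recorded plus the sorted names that were
// withheld. Values are never copied for withheld names.
func (f EnvFilter) Apply(environ []string) (kept map[string]string, withheld []string) {
	kept = make(map[string]string)
	for _, kv := range environ {
		// Cut on the first '=' only, so values containing '=' survive intact.
		name, value, found := strings.Cut(kv, "=")
		if !found || name == "" {
			continue // malformed entry; skip rather than guess
		}
		hit := f.matches(name)
		record := (f.Mode == ModeDeny && !hit) || (f.Mode == ModeAllow && hit)
		if record {
			kept[name] = value
		} else {
			withheld = append(withheld, name)
		}
	}
	sort.Strings(withheld)
	return kept, withheld
}

func main() {
	// Constructed sample environment; the values are not real credentials.
	env := []string{"PATH=/usr/bin", "GITHUB_TOKEN=ghp_constructed", "DB_PASSWORD=hunter2", "CI=true", "MY_SECRET=abc"}

	kept, withheld := NewEnvFilter(ModeDeny, []string{"MY_SECRET"}).Apply(env)
	fmt.Println("deny mode  kept:", kept, "withheld:", withheld)

	kept, withheld = NewEnvFilter(ModeAllow, []string{"PATH", "CI"}).Apply(env)
	fmt.Println("allow mode kept:", kept, "withheld:", withheld)
}
```

Deny mode with `MY_SECRET` appended keeps only `PATH` and `CI` from the sample; allow mode with `PATH` and `CI` listed produces the same recorded set but withholds everything else regardless of whether it looks sensitive, which is the stronger posture when the set of needed variables is known in advance.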
Anything else you would like to add:
Testing changes required:
Add tests to make sure environment variables are correctly filtered.
Documentation changes required:
Add flags to the CLI reference and modify the Environment attestor page.