#21668: fix(config): block dangerous environment variable keys from config injection

## Summary - Add a denylist of dangerous environment variable keys (`NODE_OPTIONS`, `LD_PRELOAD`, `PATH`, `HOME`, etc.) that are blocked from being set via config env injection - `collectConfigEnvVars` now skips blocked keys in both `env.vars` and top-level `env` blocks, logging a warning for each blocked key - Add test verifying blocked keys are not written to `process.env` ## Test plan - [x] Existing tests pass (5/5) - [x] New test confirms `NODE_OPTIONS`, `LD_PRELOAD`, `PATH`, `HOME` are blocked from config injection - [ ] Manual: verify warning log is emitted when a blocked key is encountered in config <!-- greptile_comment --> <h3>Greptile Summary</h3> Added a denylist of dangerous environment variables (`NODE_OPTIONS`, `LD_PRELOAD`, `PATH`, `HOME`, etc.) to prevent security vulnerabilities from config injection. The `collectConfigEnvVars` function now blocks these keys in both `env.vars` and top-level `env` blocks with warning logs. - Blocks 10 dangerous environment variable keys that could enable code injection or system compromise - Case-insensitive matching using `toUpperCase()` ensures variants are caught - Consistent with existing security patterns in `src/node-host/invoke.ts` and `src/agents/sandbox/sanitize-env-vars.ts` - Test verifies blocked keys are not written to `process.env` <h3>Confidence Score: 4/5</h3> - This PR is safe to merge with low risk - it adds security hardening without breaking changes - Score reflects solid security implementation with proper testing. The denylist approach is effective and consistent with existing patterns in the codebase. Minor test coverage gap (top-level env block not tested) prevents a score of 5, but the implementation correctly handles both cases. - No files require special attention - the implementation is straightforward and well-tested _{Last reviewed commit: 9ecf366} <!-- greptile_other_comments_section --> <!-- /greptile_comment -->