This mitigates CVE-2023-4911, crucially without a mass-rebuild. We drop insecure environment variables explicitly, including glibc-specific ones, since musl doesn't do this by default. Change-Id: I591a817e6d4575243937d9ccab51c23a96bed6f9
pkgs.config
config.nixpkgs.config