Ensure unwanted enviorment variables are removed from the actual
global environment rather than just the `$_ENV` superglobal variable
Disable stream wrappers, as this is an unexpected feature for most
developers and can be exploited. For instance, `phar://` can be used
to override any class and thus provide code execution (through
`__wakeup` or `__costruct`, for instance). Not a complete solution, as
`php://` can also be abused, but we can't disable it as it gets used
_somewhere_ in our dependencies
Hugo Sales
aef1fac536
