Disable or filter $env functionality

With the addition of user management $env has now become a security issue.

It would be great if we could filter or entirely disable this custom variable.

For example a user can easily forge their own tokens and become any user (including owner) if they get hold of $env.N8N_USER_MANAGEMENT_JWT_SECRET. Edit: not true, you need the partial hashed password for this to work.

Other examples of sensitive headers are all the DB user and passwords, and the SMTP settings.