Quick note on something that just came to my mind: some env vars that are not on the list above (i.e., does not appear explicitly in the code) might have an impact too. For instance, Emacs uses [these env vars](https://www.gnu.org/software/emacs/manual/html_node/emacs/General-Variables.html#General-Variables), and users are free to reference anything in their `init.el`, so a cleansed environment might cripple a user's editor in `brew create` or `brew edit`.
I propose that we at least whitelist some dev-oriented commands (not all dev commands, because `test`, `tests` etc. would certainly benefit from the filtering).