Sanitize environment before starting backend processes (rclone, ssh)

The restic security model includes full trust of the local machine, so
this should not fix any actual security problems, but it's better to be
safe than sorry.

Fixes #2192.

internal/backend/foreground_solaris.go

@@ -7,10 +7,7 @@ import (
 	"github.com/restic/restic/internal/errors"
 )
 
-// StartForeground runs cmd in the foreground, by temporarily switching to the
-// new process group created for cmd. The returned function `bg` switches back
-// to the previous process group.
-func StartForeground(cmd *exec.Cmd) (bg func() error, err error) {
+func startForeground(cmd *exec.Cmd) (bg func() error, err error) {
 	// run the command in it's own process group so that SIGINT
 	// is not sent to it.
 	cmd.SysProcAttr = &syscall.SysProcAttr{