Node has an kDisableNodeOptionsEnv embedder flag that disables NODE_OPTIONS env to avoid injecting external code into apps, however it can be bypassed by using the NODE_REPL_EXTERNAL_MODULE env as reported by electron/electron#40770.

I understand kDisableNodeOptionsEnv only means to disable NODE_OPTIONS env, but if we don't also disable NODE_REPL_EXTERNAL_MODULE the protection would become meaningless.

I think we have 2 options to fix this:

1. Disable NODE_REPL_EXTERNAL_MODULE env when kDisableNodeOptionsEnv is used.
2. Deprecate kDisableNodeOptionsEnv and add a new flag that disables all possible ways to inject code.

I wonder which one would be preferred by Node team. /cc @addaleax @joyeecheung @bnoordhuis