It's unexpected given the name of the function and we don't to use the
current env in all the usages of that function, for example when
processes running as root call read_user_env(user="amnesia"), we don't
want the current environment from the root process to be used.

To avoid code duplication.

Also reimplement dump-user-env in Python so that we can maintain the
list of allowed and dumped environment variables in one place.

We don't use it anywhere else anymore and it really does belong to the
tps package.

The script is now a bash script, so $EUID is always set by the shell.

Makes debugging easier

Dumping all environment variables caused failure in the test suite where
we use the environment dumped by amnesia in a root process. That caused
the PATH variable to not include /sbin anymore.

The environment variables we dump here are the same that were dumped in
the old implementation in gnome.sh.

I had a case where "poweroff" did not cause the system to shut down
but "systemctl poweroff" worked.

There are cases where we execute commands as a user when the user env
file is not expected to be there, for example when we create files in
persistent directories as the owner of the directory, which in case of
the persistent greeter settings happens as the Debian-gdm but after
login, so systemd already cleaned up the user env file for Debian-gdm.

The script doesn't need privileges, so we should run it unprivileged.

The environment we're dumping doesn't actually have anything to do with
GNOME or GNOME Shell, it's the default environment of a user unit
started by systemd plus some display related variables set by us in
dump-user-env. The name user-env therefore better reflects its content.

Also use the name exec-with-user-env instead of exec-in-user-env to make
it more clear that we're not replacing the current environment.

The current user environment already contains all the needed variables,
so we pass that instead of /run/user/1000/user-env.

The remaining usages are safe because they are used in unprivileged
processes.

This removes all usages of the gnome.sh shell library in shell scripts
to ensure that the gnome environment file is not exported in privileged
processes.

A new script, exec-in-gnome-env, is called instead, which exports the
gnome environment in an unprivileged amnesia process and then executes
some command.

There are scenarios in which amnesia can control the gnome-shell
environment which is dumped at boot, so we have to ensure that
only processes running as amnesia (or a less privileged user) export it
in their environment. Since we have to do that, we can just store the
env file as amnesia and drop the part where we copy the file as root.

That can lead to privilege escalation. Instead, we use
/usr/local/lib/systemctl-user to start a systemd user service which has
the required environment variables set.

The gnome_env function of the Python module is called in privileged
processes, exporting the amnesia-controlled environment in those can
lead to privilege escalation.

refs #19464

Test suite: Fix step "the clearnet user has not sent packets out to the Internet"

Closes #19370

See merge request tails/tails!1074

run_test_suite: Add --all-tests

See merge request tails/tails!1076

Upgrade Tor Browser to 12.0.4-build1

Closes #19450

See merge request tails/tails!1078