OptimizedNodeBridge should align env filtering with NodeBridge

[bbopen]

Summary

NodeBridge filters environment variables to a safe allowlist, but OptimizedNodeBridge passes the full process.env into Python subprocesses. This can unintentionally leak secrets and makes behavior inconsistent between runtime modes.

Failure mode

• Users switch from NodeBridge to OptimizedNodeBridge and unintentionally expose env vars (API keys, tokens) to the Python process.
• Behavior diverges: NodeBridge hides non-allowed vars, OptimizedNodeBridge does not.

Evidence

• src/runtime/node.ts builds env from an allowlist and TYWRAP_ prefix.
• src/runtime/optimized-node.ts uses { ...process.env, ...this.options.env }.

Proposed fix

• Reuse the NodeBridge env filtering logic in OptimizedNodeBridge.
• Allow explicit opt-in to pass through all env vars if needed.

Acceptance criteria

• OptimizedNodeBridge defaults to a safe env allowlist consistent with NodeBridge.
• Provide a documented override for full env inheritance.
• Add tests verifying that non-allowed vars are filtered by default.

[bbopen]

✅ Resolved in PR #136: refactor: unify NodeBridge and OptimizedNodeBridge (ADR-0001)

The unified NodeBridge implementation now uses the same environment variable allowlist logic for both single-process and pooled modes. The inheritProcessEnv option defaults to false with a curated allowlist (PATH, PYTHONPATH, VIRTUAL_ENV, PYTHONHOME, TYWRAP_* prefixed vars).