Harden the kenv syscalls
The kenv(2) syscall currently allows anyone to inspect the kernel environment, regardless of privilege or jail. Since kenv can expose potentially sensitive information, we should limit its access to privileged, unjailed accounts.