Homebrew's actually ended up using a fair few gems. While we want to
avoid Bundler at runtime (and this PR still does that, in fact uses
Bundler even less at runtime than it did before) writing our own version
to use at build-time seems redundant.
Hide these tokens to avoid malicious subprocesses e.g. sending them
over the network. Also, support using these tokens with environment
filtering and clear `HOMEBREW_PATH` from subprocesses to stop them
sniffing it. Finally, use `HOMEBREW_PATH` to detect Homebrew’s user’s
PATH for e.g. `brew doctor` etc.
