Currently, the list of allowed client IDs can only be specified via CLI args (unless I've missed something). This can be a security issue, particularly on home-lab setups, because CLI args are world-readable (e.g., by reading /proc/<pid>/cmdline). In the case that a different service with a non-privileged user gets compromised, the attacker might be able to read out the list of client IDs without needing to gain any further privileges.
This would be solved if you could provide the list of client IDs via files or environment variables (or even stdin or sockets, but the former are easier to work with). Optimally, I'd like to be able to provide a file, because it integrates better with the systemd credential system, but I'm happy with env vars as well.
It might also be a good idea to warn the user somehow that they shouldn't provide the client ID via CLI args apart from testing purposes.
This is a good point -- client ID is a credential and should be treated like one.
I want to keep taskchampion-sync-server as the most basic "reference implementation" so I'd like to avoid adopting a config file -- that just invites more config knobs! Instead, I'd like to channel interest in more complex sync-server setups into new implementations, perhaps embedding the existing core crate or perhaps re-implementing the protocol from the spec.
But, as you say this is potentially an issue even in the intended use-case of a one-person server like a VPS or home lab.
So, I think that env vars -- ideally for all of the config options and not just this one -- is the right approach. I think clap makes that easy!
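As an added example, and not code from taskchampion-sync-server nor a patch posted in this thread: a std-only Rust resolver that implements the precedence the discussion converges on. It looks first for a systemd credential file under `$CREDENTIALS_DIRECTORY` (what `LoadCredential=client-ids:/path/to/file` in a unit file provides), then for an environment variable, and only then for a command-line value, in which case it records a warning about `/proc/<pid>/cmdline`. Assumptions for the example: the env var name `CLIENT_IDS`, the credential name `client-ids`, and that client IDs are UUIDs (checked by shape only). The real server uses clap; this avoids it so the block runs with no dependencies, and it also warns if the credential file is group- or world-readable.

```rust
use std::collections::HashMap;
use std::fs;
use std::path::{Path, PathBuf};

/// Environment variable consulted when no credential file is present.
/// (Assumed name for this example, not a knob the real server defines.)
pub const ENV_VAR: &str = "CLIENT_IDS";
/// File name expected under $CREDENTIALS_DIRECTORY, as created by
/// `LoadCredential=client-ids:/path/to/file` in the systemd unit.
pub const CREDENTIAL_NAME: &str = "client-ids";
const UUID_GROUPS: [usize; 5] = [8, 4, 4, 4, 12];

/// Where the list came from, so the caller can surface the CLI warning.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum Source {
    CredentialFile(PathBuf),
    EnvVar(&'static str),
    CliArg,
}

#[derive(Debug)]
pub struct ClientIds {
    pub ids: Vec<String>,
    pub source: Source,
    /// Non-fatal problems the operator should see (e.g. the /proc exposure).
    pub warnings: Vec<String>,
}

/// Assumption: client IDs are UUIDs, i.e. 8-4-4-4-12 hex groups.
fn is_uuid_shaped(s: &str) -> bool {
    let parts: Vec<&str> = s.split('-').collect();
    parts.iter().map(|p| p.len()).eq(UUID_GROUPS)
        && parts.iter().all(|p| p.chars().all(|c| c.is_ascii_hexdigit()))
}

/// Split a comma- or whitespace-separated list and reject malformed entries,
/// so a typo in the file cannot silently shrink the allow-list.
fn parse_list(raw: &str) -> Result<Vec<String>, String> {
    let mut ids = Vec::new();
    for item in raw.split(|c: char| c == ',' || c.is_whitespace()) {
        let item = item.trim();
        if item.is_empty() {
            continue;
        }
        if !is_uuid_shaped(item) {
            return Err(format!("client ID {item:?} is not a UUID"));
        }
        ids.push(item.to_ascii_lowercase());
    }
    if ids.is_empty() {
        return Err("client ID list is empty".to_string());
    }
    Ok(ids)
}

/// True if anyone other than the owner can read the file.
#[cfg(unix)]
fn loose_permissions(path: &Path) -> bool {
    use std::os::unix::fs::PermissionsExt;
    fs::metadata(path)
        .map(|m| m.permissions().mode() & 0o077 != 0)
        .unwrap_or(false)
}
#[cfg(not(unix))]
fn loose_permissions(_path: &Path) -> bool {
    false
}

/// Resolve the allow-list: credential file, then env var, then CLI value.
/// `env` is passed in rather than read from the process so it can be tested.
pub fn resolve_client_ids(
    cli_value: Option<&str>,
    env: &HashMap<String, String>,
) -> Result<ClientIds, String> {
    let mut warnings = Vec::new();

    // 1. systemd credential: visible only to this service's process tree and
    //    never reachable through /proc/<pid>/cmdline.
    if let Some(dir) = env.get("CREDENTIALS_DIRECTORY") {
        let path = Path::new(dir).join(CREDENTIAL_NAME);
        if path.is_file() {
            if loose_permissions(&path) {
                warnings.push(format!("{} is group- or world-readable", path.display()));
            }
            let raw = fs::read_to_string(&path)
                .map_err(|e| format!("{}: {e}", path.display()))?;
            return Ok(ClientIds { ids: parse_list(&raw)?, source: Source::CredentialFile(path), warnings });
        }
    }

    // 2. environment: /proc/<pid>/environ is owner-only (0400), unlike cmdline,
    //    so another unprivileged user cannot read it.
    if let Some(raw) = env.get(ENV_VAR) {
        return Ok(ClientIds { ids: parse_list(raw)?, source: Source::EnvVar(ENV_VAR), warnings });
    }

    // 3. command line: accepted for testing only, and always warned about.
    if let Some(raw) = cli_value {
        warnings.push(format!(
            "client IDs were passed on the command line and are readable by every \
             local user via /proc/<pid>/cmdline; use a credential file or {ENV_VAR} instead"
        ));
        return Ok(ClientIds { ids: parse_list(raw)?, source: Source::CliArg, warnings });
    }

    Err(format!(
        "no client IDs configured: provide $CREDENTIALS_DIRECTORY/{CREDENTIAL_NAME}, {ENV_VAR}, or a command-line value"
    ))
}

fn main() {
    // Stand-alone use: the first argument, if any, plays the role of the CLI
    // value; the real process environment is consulted for the other sources.
    let env: HashMap<String, String> = std::env::vars().collect();
    let cli = std::env::args().nth(1);
    match resolve_client_ids(cli.as_deref(), &env) {
        Ok(c) => {
            for w in &c.warnings {
                eprintln!("warning: {w}");
            }
            println!("{} client ID(s) loaded from {:?}", c.ids.len(), c.source);
        }
        Err(e) => {
            eprintln!("error: {e}");
            std::process::exit(2);
        }
    }
}
```

Under systemd the unit would carry `LoadCredential=client-ids:/etc/taskchampion/client-ids` and the service reads `$CREDENTIALS_DIRECTORY/client-ids`; nothing about the secret then appears in `ps` output or in the unit file's `ExecStart=` line.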