Knob to blacklist some template functions

[notnoop]

Exposes a knob for consul-template library users to disable some template functions. Functions like env and plugin may access sensitive values on host and are best disabled unilaterally.

[tgross]

I've pushed a commit on top of this with the following changes:

• moves the configuration down to the template level (which works fine for Nomad's use case)
• ensures we have access to change the blacklist in the configuration structs
• changes the field name per recommendations from @eikenb

---

Here's what this looks like from the user's perspective:

demo.hcl:

template {
  source = "./demo.conf",
  function_blacklist = ["plugin"],
}

demo.conf:

{{ plugin "/bin/cat" "./secret_file.txt" }}

demo:

$ echo 'SUPER_SECRET_SHOULD_NOT_SEE' > ./secret_file.txt
$ make dev
==> Installing consul-template for darwin/amd64

$ consul-template -log-level=debug -config=./demo.hcl -dry -once
2019/08/02 14:57:43.041320 [ERR] (cli) ./demo.conf: execute: template: :2:3: executing "" at <plugin "/bin/cat" "./secret_file.txt">: error calling plugin: function is disabled

[eikenb]

@tgross Do you have time to update the config example in the README.md with function_blacklist? I think between the delimiters and the wait is the best spot.

[tgross]

@eikenb I've done that. How's that look?

[eikenb]

Looks good. Thanks.