./configure option to change secure_path in sudoers without enabling it internally

[foutrelis]

Commit e0e2445 was very helpful in enabling secure_path by default. It works with no surprises as secure_path remains disabled internally and the user is able to comment out the relevant line in /etc/sudoers to restore the old behavior.

One possible addition would be to provide a ./configure option to specify a different default path. --with-secure-path cannot be used for this as it will also define SECURE_PATH, thus enabling it internally and preventing the user from simply commenting out the line in /etc/sudoers.

I'm looking at it from a packager perspective, trying to use a different path [*] for secure_path without leaving the user to wonder why it remains active even when the line in /etc/sudoers is commented out. I tried to think of a clean way to implement this but in the end I had to patch the configure script to change the default value of secure_path.

My understanding is that --with-secure-path should continue to define SECURE_PATH and thus enabling it internally (in addition to the sudoers file). This is desirable in order to maintain the semantics this option had before sudo 1.9.16. The question then becomes, is there a way to specify a different path while maintaining the ability to comment out the option in sudoers, and have it work the same as when --with-secure-path is not used?

[*] /usr/local/sbin:/usr/local/bin:/usr/bin (default path used in Arch Linux, since /usr/sbin, /sbin, and /bin are all symlinks to /usr/bin)

[millert]

We can add a new configure option to just change the default value, but the naming can be confusing. It does appear that some packagers are using --with-secure-path so unfortunately we cannot change the meaning of that option. What do you think of --with-secure-path-value or --with-secure-path-default for the option name? I'm open to better names if you have any ideas.

[millert]

I added --with-secure-path-value in e24737e