`mesos-containerizer launch --environment` exposes executor env vars in `ps`.

With MESOS-6323, the helper mesos-containerizer launch takes a `--environment` flag for the env vars used by the executor. This is unpleasant because its a common practice that people use env vars to hide configs that are sensitive and now it's visible to non-root users on the host with a ps command.

Given that we want to separate the environments of mesos-containerizer launch and the executor itself, perhaps we can just package and serialize the executor env vars in one env var MESOS_EXECUTOR_ENVIRONMENT and pass that to mesos-containerizer launch which could then get it through a flag the usual way.

In general Mesos should do more to protect env vars but I'll file separate issues for them.