Configuration: add electron-builder.env to default ignores in files

[dkaser]

• Electron-Builder Version: 24.6.4

• Node Version: 20.5.1

• Electron Version: 26.1.0

• Electron Type (current, beta, nightly): current

• Target: all

Currently, if you use electon-builder with default settings and an electron-builder.env file, electron-builder.env is included in the packaged application. This can result in inadvertent secrets exposure. electron-builder.env should be added as a default ignore for the files option.

[mmaietta]

Great callout. I'm not sure if there's previous reasoning as to why the env file should be allowed to be included. Maybe it's so that electron apps can still use the file env data at runtime? That's my only hesitation in adding it to default ignore.

Would you mind opening a PR for this change? (Always trying to encourage community contributions 🙂 )

The logic exists here: https://github.com/electron-userland/electron-builder/blob/master/packages/app-builder-lib/src/fileMatcher.ts#L15