Protection of debugging options

Every Joe User can currently run
   env PGOPTIONS='-d99 -tpa -tpl -te' psql

and stuff the server log with relative garbage that he will never be able
to see anyway.

As I don't believe it feasible to do superuser checking before the options
parsing it seems to me that these option in particular (and -s as well)
need to be "secure". Those desiring to diagnose transient problems can use
SET debug_level, etc. which does have a superuser check in place. For
permanent debug level changes there's of course this shiny new
configuration file and the HUP signal.

Comments?

-- 
Peter Eisentraut                  Sernanders väg 10:115
peter_e@gmx.net                   75262 Uppsala
http://yi.org/peter-e/            Sweden