Use env vars on CI to set protocol.file.allow

Instead of setting a global git configuration.

This makes no significant difference for security on CI, but it is
an iterative step toward a more specific way of setting them that
will apply on CI and locally and require less configuration.

In addition, this shows an approach more similar to what users who
do not want to carefully review the security impact of changing
the global setting can use locally (and which is more secure).

Author: EliahKagan

Diff for: .github/workflows/cygwin-test.yml

@@ -26,7 +26,6 @@ jobs:
       shell: bash.exe -eo pipefail -o igncr "{0}"
       run: |
           /usr/bin/git config --global --add safe.directory "$(pwd)"
-          /usr/bin/git config --global protocol.file.allow always
     - name: Install dependencies and prepare tests
       shell: bash.exe -eo pipefail -o igncr "{0}"
       run: |
@@ -47,4 +46,8 @@ jobs:
       shell: bash.exe -eo pipefail -o igncr "{0}"
       run: |
         /usr/bin/python -m pytest
+      env:
+        GIT_CONFIG_COUNT: "1"
+        GIT_CONFIG_KEY_0: protocol.file.allow
+        GIT_CONFIG_VALUE_0: always
       continue-on-error: false

Diff for: .github/workflows/pythonpackage.yml

@@ -52,14 +52,14 @@ jobs:
         set -x
         mypy -p git
 
-    - name: Tell git to allow file protocol even for submodules
-      run: |
-          /usr/bin/git config --global protocol.file.allow always
-
     - name: Test with pytest
       run: |
         set -x
         pytest
+      env:
+        GIT_CONFIG_COUNT: "1"
+        GIT_CONFIG_KEY_0: protocol.file.allow
+        GIT_CONFIG_VALUE_0: always
       continue-on-error: false
 
     - name: Documentation