
Restrict access to internal variables in expressions

Problem

According to the Step Runner expressions documentation, expressions can reference:

  • ${{ inputs }},
  • ${{ env }},
  • outputs of previous steps, e.g. ${{ steps.[name].outputs.[output name] }},
  • ${{ work_dir }},
  • ${{ step_dir }},
  • ${{ output_file }}, and
  • ${{ export_file }}.

The current implementation unintentionally allows:

  • ${{ steps.[name].execResult.command[...] }}
  • ${{ steps.[name].execResult.work_dir }}
  • ${{ steps.[name].execResult.exit_code }}
  • ${{ steps.[name].env }}
  • ${{ steps.[name].exports }}
  • ${{ steps.[name].status }}
  • ${{ steps.[name].specDefinition }}
  • ${{ steps.[name].step }}, and
  • ${{ steps.[name].sub_step_results[...] }}.

Proposal

context.Steps has a Steps field of type proto.StepResult. A struct that the step runner team has control over should be passed into expression.Expand and expression.ExpandString instead.

Edited by Cameron Swords
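
The proposal above, sketched as an added example (not Step Runner code): internal results are copied into an outputs-only view before expression evaluation, so the unintended paths listed under Problem have nothing to resolve against. The names internalStepResult, stepView, newStepViews and resolveStepRef are hypothetical, and the dotted path grammar is a simplification assumed for the sketch.

```go
package main

import (
	"fmt"
	"strings"
)

// internalStepResult is a hypothetical stand-in for proto.StepResult.
type internalStepResult struct {
	Outputs, Env, Exports map[string]string
	Status                string
}

// stepView is the only shape handed to expression evaluation: outputs only.
type stepView struct{ outputs map[string]string }

// newStepViews copies just the documented surface out of the internal records.
func newStepViews(results map[string]internalStepResult) map[string]stepView {
	views := make(map[string]stepView, len(results))
	for name, r := range results {
		out := make(map[string]string, len(r.Outputs))
		for k, v := range r.Outputs {
			out[k] = v
		}
		views[name] = stepView{outputs: out}
	}
	return views
}

// resolveStepRef accepts only steps.<name>.outputs.<output> (assumed grammar).
func resolveStepRef(views map[string]stepView, ref string) (string, error) {
	parts := strings.Split(ref, ".")
	if len(parts) != 4 || parts[0] != "steps" || parts[2] != "outputs" {
		return "", fmt.Errorf("%q is not steps.<name>.outputs.<output>", ref)
	}
	val, ok := views[parts[1]].outputs[parts[3]]
	if !ok {
		return "", fmt.Errorf("%q: unknown step or output", ref)
	}
	return val, nil
}

func main() {
	views := newStepViews(map[string]internalStepResult{ // constructed sample
		"build": {Outputs: map[string]string{"artifact": "app.tar"}, Status: "ok"},
	})
	fmt.Println(resolveStepRef(views, "steps.build.outputs.artifact")) // allowed
	fmt.Println(resolveStepRef(views, "steps.build.status"))           // rejected
}
```

Because the view is a copy with a single unexported field, adding a field to the internal record later does not widen what expressions can reach.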