Allow deeper control for sudo flags such as group, home etc

[bitprophet]

This started as "add support for the group flag", but this is a good time to rethink how we can enable users to flip arbitrary sudo flags without us having to be in-between all the time, which was a massive pain in the ass for everybody, historically.

[bitprophet]

See #572 - this should consider having -E as part of the default set, or if that feels too insecure, at least document it explicitly (perhaps also under the env arg somewhere, tho that's tough since it's currently only implicitly documented for sudo under the "it's justrun" clause).

[k-laus]

To just set some essential environment variables, like SSH_AUTH_SOCK to allow re-using ssh-agent within Context.sudo() calls, for me it's sufficient right now to prefix VAR=VALUE in front of the to-be-executed command, e.g.

# get sanitized environment variable - just a filepath is allowed for SSH_AUTH_SOCK
m = re.fullmatch(r'[a-zA-Z\d\.\-\/]+', os.getenv('SSH_AUTH_SOCK'))
sudo_cmd = f"SSH_AUTH_SOCK={m.group(0)} {command}"
ctx.sudo(sudo_cmd, pty=True)