Low/Medium: Vault password environment fallback is convenient but weak for high-security use. LOCKBOX_VAULT_PASSWORD is used both by normal CLI vault
access and backup unlock fallback. Even if SecretString::try_from_env() copies it into secure storage, the original process environment remains outside
the secure heap. See rust/lockbox_cli/src/commands/context.rs:90 and rust/lockbox_vault/src/lib.rs:234.
Low/Medium: Vault password environment fallback is convenient but weak for high-security use. LOCKBOX_VAULT_PASSWORD is used both by normal CLI vault
access and backup unlock fallback. Even if SecretString::try_from_env() copies it into secure storage, the original process environment remains outside
the secure heap. See rust/lockbox_cli/src/commands/context.rs:90 and rust/lockbox_vault/src/lib.rs:234.