[5.x] Antlers user content and config

[jasonvarga]

This PR adds and uses a new method to parse Antlers to force it into user content mode which is safer and is what already happens for Antlers enabled fields. (This part has been reverted and made the default behavior in #14092)

It also changes the config variable available in the context to a safer subset. It still has a large number of sensible defaults but if you need to make more available, you can add to the config:

// config/statamic/system.php
'view_config_allowlist' => [
  '@default', // spreads the defaults into this array
  'package-name.config-name',
],

[MrMooky]

I know this has been merged already, but what's the reason not to support wildcard parameters like services.*? Right now, I have to list them manually like this:

'services.algolia.app_id',
'services.algolia.search_key',
'services.algolia.indexname_de',
'services.algolia.indexname_en',

This is fine for a few variables, but still, allowing wildcard configs to be used would be nice.

[afonic]

Is there a way for a package to configure this? Because right now this seems like a huge breaking change.

[duncanmcclean]

I know this has been merged already, but what's the reason not to support wildcard parameters like services.*? Right now, I have to list them manually like this:

Content editors shouldn't be able to expose API keys unless explicitly allowed.