shell: Add NO_LOCALSETTINGS restriction
Most secret information like database passwords are kept in LocalSettings.php,
so blacklisting that file by default would take away a lot of information an
attacker would want.
Since most commands shouldn't need to read the PHP configuration, add it to
RESTRICT_DEFAULT. People can still use:
$cmd->restrict( Shell::RESTRICT_DEFAULT & ~Shell::NO_LOCALSETTINGS );
if they need to still access LocalSettings.php
Bug: T182484
Change-Id: I4032e2706e808e9b819e92a06eff536ccf043388