Should we continue to allow "insecure root" installation?

[vexx32]

Checklist

• I have verified this is the correct repository for opening this issue.
• I have verified no other issues exist related to my request.

Is Your Feature Request Related To A Problem? Please describe.

During work on #3501 it was noted that there still exists an $env:ChocolateyAllowInsecureRootDirectory environment variable that is part of the installation logic.

If it is not set, you cannot use $env:ChocolateyInstall to set the installation location to C:\Chocolatey. If it is set, the installer allows it.

Describe The Solution. Why is it needed?

Given we are removing the migration behaviour and we do not support this installation scenario, we should look at removing this undocumented behaviour that permits it in the first place as well.

Additionally, currently it only checks for C:\Chocolatey as the "insecure root directory" however, so there are some questions as to what we should allow here.

• Do we just remove the check and always allow whatever is set in $env:ChocolateyInstall? (probably a bad idea given we saw fit to prevent installing to C:\Chocolatey specifically in the past?)
• Do we expand the check to not allow installing to a folder that is on the root of the system drive in general?
• Do we just disallow installing to C:\Chocolatey specifically -- if so, why?

Additionally, when we remove the undocumented environment variable, we should likely add a warning if folks try to use it for at least a version or so, so those using it are aware it now is not functional.

Additional Context

No response

Related Issues

No response