Insecure loading of ICU data through ICU_DATA environment variable
Low
Node.js
Reported by
bnoordhuis
Vulnerability Details
Technical details and impact analysis
Node.js correctly ignores the NODE_ICU_DATA environment variable when it is running with elevated privileges (e.g. setuid root).
ICU on the other hand still honors the ICU_DATA environment variable, without regard for privilege level.
## Impact
ICU is not very resilient to crafted data files but since users can select custom data files anyway with the `--icu-data-dir` flag, the real-world impact is probably not much worse than what is already possible through documented means...
...which doesn't mean it shouldn't be fixed because scenarios where it is in fact exploitable are imaginable, just not very likely.
Suggestions:
- build ICU with ICU_NO_USER_DATA_OVERRIDE defined
- sanitize the environment before initializing ICU
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
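
The report's second suggestion, sanitizing the environment before initializing ICU, could look like the following. This is an added example, not code from the report or from Node.js; the function names and the one-entry variable list are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Environment variables that redirect ICU's data lookup. ICU_DATA is the one
 * named in the report; the list form is an assumption so more can be added. */
static const char *const kIcuEnvOverrides[] = { "ICU_DATA" };

/* True when real and effective IDs differ, i.e. the process gained privileges
 * through a setuid or setgid bit. Note: this does not detect privileges gained
 * through file capabilities; on Linux, getauxval(AT_SECURE) covers that case. */
int ids_indicate_elevation(uid_t uid, uid_t euid, gid_t gid, gid_t egid) {
  return uid != euid || gid != egid;
}

int running_elevated(void) {
  return ids_indicate_elevation(getuid(), geteuid(), getgid(), getegid());
}

/* Remove ICU override variables when elevated.
 * Returns the number of variables removed, or -1 if unsetenv() failed. */
int sanitize_icu_env(int elevated) {
  int removed = 0;
  if (!elevated) return 0; /* unprivileged: the user may pick data files anyway */
  for (size_t i = 0;
       i < sizeof(kIcuEnvOverrides) / sizeof(kIcuEnvOverrides[0]); i++) {
    if (getenv(kIcuEnvOverrides[i]) == NULL) continue;
    if (unsetenv(kIcuEnvOverrides[i]) != 0) return -1;
    removed++;
  }
  return removed;
}

int main(void) {
  /* Must run before any ICU call, since ICU reads ICU_DATA during its own
   * initialization. */
  int n = sanitize_icu_env(running_elevated());
  if (n < 0) {
    perror("unsetenv");
    return 1; /* fail closed rather than start ICU with an untrusted path */
  }
  /* ICU initialization would follow here, after the scrub. */
  printf("removed %d ICU override variable(s)\n", n);
  return 0;
}
```

The first suggestion, building ICU with ICU_NO_USER_DATA_OVERRIDE defined, removes the lookup at compile time and does not depend on call ordering at startup.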