Use python isolate mode

This (more or less) avoids user's environment variables tampering the
search process.
And also remove usages of `eval()` and `exec()`.

PR #18995.

src/base/search/searchdownloadhandler.cpp

@@ -46,6 +46,7 @@ SearchDownloadHandler::SearchDownloadHandler(const QString &siteUrl, const QStri
             , this, &SearchDownloadHandler::downloadProcessFinished);
     const QStringList params
     {
+        Utils::ForeignApps::PYTHON_ISOLATE_MODE_FLAG,
         (SearchPluginManager::engineLocation() / Path(u"nova2dl.py"_qs)).toString(),
         siteUrl,
         url

src/base/search/searchhandler.cpp

@@ -73,6 +73,7 @@ SearchHandler::SearchHandler(const QString &pattern, const QString &category, co
 
     const QStringList params
     {
+        Utils::ForeignApps::PYTHON_ISOLATE_MODE_FLAG,
         (SearchPluginManager::engineLocation() / Path(u"nova2.py"_qs)).toString(),
         m_usedPlugins.join(u','),
         m_category

src/base/search/searchpluginmanager.cpp

@@ -509,7 +509,12 @@ void SearchPluginManager::update()
     QProcess nova;
     nova.setProcessEnvironment(QProcessEnvironment::systemEnvironment());
 
-    const QStringList params {(engineLocation() / Path(u"/nova2.py"_qs)).toString(), u"--capabilities"_qs};
+    const QStringList params
+    {
+        Utils::ForeignApps::PYTHON_ISOLATE_MODE_FLAG,
+        (engineLocation() / Path(u"/nova2.py"_qs)).toString(),
+        u"--capabilities"_qs
+    };
     nova.start(Utils::ForeignApps::pythonInfo().executableName, params, QIODevice::ReadOnly);
     nova.waitForFinished();
 

src/base/utils/foreignapps.h

@@ -31,10 +31,13 @@
 
 #include <QString>
 
+#include "base/global.h"
 #include "base/utils/version.h"
 
 namespace Utils::ForeignApps
 {
+    inline const QString PYTHON_ISOLATE_MODE_FLAG = u"-I"_qs;
+
     struct PythonInfo
     {
         using Version = Utils::Version<3, 1>;