+1 to #3, but making it the default, not just documenting it. I agree with Allen Wittenauer that a little pollution is OK if it makes the out-of-box experience significantly better. And I don't think spilling over an environment variable is so bad anyway.
#1 has several issues. In addition to what was already stated, the vars are evaluated on the client, so if the client doesn't have the same paths as the NM hosts, it won't work.
#2 is a code-level pollution, which is a more serious thing than #3.
#4 doesn't sound like the right idea to me. Users don't need to control the whitelisting on a per-job basis, so it's solving a problem that doesn't exist. It also has some security implications that need to be carefully considered.