do-release-update hangs from use of user $PATH (specifically 'npm which')

When I updated from 18.04 to 20.04 with do-release-upgrade,
I noticed that the cups package prerm script would hang forever.
After I hit ctrl-C, it was fairly messy to fix the system back together.

When I traced this, I found that `which` in the prerm script
(and not just cups but potentially all of them?) resolved to
/usr/local/bin/which from my $PATH, which was from the npm `which` package.
I don't really understand how even `npm which` could hang, but it did somehow.

Everything worked again after I deleted npm `which`.

The lesson here seems to be that do-release-upgrade should restrict $PATH
so that these kinds of problems can't happen.

This is a possible problem for apt in general, but it's more problematic for do-release-update
since it could not be rolled back in this case.

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: ubuntu-release-upgrader-core 1:20.04.28
ProcVersionSignature: Ubuntu 5.4.0-51.56-generic 5.4.65
Uname: Linux 5.4.0-51-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair nvidia_modeset nvidia
ApportVersion: 2.20.11-0ubuntu27.9
Architecture: amd64
CasperMD5CheckResult: skip
CrashDB: ubuntu
Date: Mon Oct 19 10:12:55 2020
InstallationDate: Installed on 2018-11-13 (706 days ago)
InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725)
PackageArchitecture: all
SourcePackage: ubuntu-release-upgrader
Symptom: release-upgrade
UpgradeStatus: Upgraded to focal on 2020-10-17 (1 days ago)