v1.5.0-rc3

@rkhapov rkhapov tagged this 26 Jan 13:12
With this option enabled, Odyssey will pass
search_path without enquoting:
$ PGOPTIONS='--search_path=public,\ "$user",\ another' ./psql <...>
       search_path
--------------------------
 public, "$user", another
(1 row)

This works only if the value does not contain symbols
that allow creating an SQL injection.

Btw, even if the injection is possible,
the search_path value is deployed after the authentication,
which means that the hacker already has the ability to execute queries.

Signed-off-by: roman khapov <r.khapov@ya.ru>
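
An allowlist check of the kind the tag message describes, written here as an added example and not taken from Odyssey's source. The function names and the accepted character set (ASCII letters, digits, `_` and `$`, optionally inside double quotes) are assumptions, and the value is checked as it looks after PGOPTIONS backslash unescaping.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical helpers, not Odyssey functions. */
static const char *skip_spaces(const char *p)
{
	while (*p == ' ')
		p++;
	return p;
}

/* Consume one identifier; return the position after it, or NULL if invalid. */
static const char *parse_ident(const char *p)
{
	if (*p == '"') {
		const char *start = ++p;
		/* Assumed allowlist inside quotes: letters, digits, '_' and '$'. */
		while (isalnum((unsigned char)*p) || *p == '_' || *p == '$')
			p++;
		if (p == start || *p != '"')
			return NULL; /* empty, unterminated, or forbidden byte */
		return p + 1;
	}
	if (!isalpha((unsigned char)*p) && *p != '_')
		return NULL; /* unquoted names must not start with a digit or symbol */
	while (isalnum((unsigned char)*p) || *p == '_' || *p == '$')
		p++;
	return p;
}

/* True only for a comma-separated list of identifiers and nothing else. */
bool search_path_is_safe_unquoted(const char *v)
{
	if (v == NULL)
		return false;
	for (const char *p = skip_spaces(v);;) {
		p = parse_ident(p);
		if (p == NULL)
			return false;
		p = skip_spaces(p);
		if (*p == '\0')
			return true;
		if (*p != ',')
			return false; /* ';', quotes, '-', backslash and so on */
		p = skip_spaces(p + 1);
	}
}
```

A value that fails the check would fall back to the quoted form rather than being forwarded as-is.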