Marco Roy

Reputation: 5285

How to retrieve the current user in Slack-hosted custom functions

We are developing custom Slack functions/workflow steps for our users (so that they can build workflows out of them). However, some of these custom functions need to know which user has triggered/is executing the workflow/function/step (for security purposes). Is there a way to achieve this?

The obvious way is to take the user ID as an input to the function, but that is not secure at all because anyone could put anything there (including another user's ID in order to impersonate them). Imagine that one of our custom functions is get_last_paycheck. Clearly, we cannot allow workflow builders to enter any user_id in there...

Basically, what we are looking for would be a way to access the executing user_id from the function context, just like we can access the team_id and enterprise_id.

In the token types documentation, it seems that Slack does know the user_id tied to the workflow token/execution:

"The user (human, not bot) who started the workflow (i.e. the user_id on the token)"

But how can we retrieve this user_id? The context does contain the workflow token, but it is only a string. And when we use that token, it is tied to the workflow itself (rather than to a user).

In traditional/self-hosted Slack applications (those integrated via API/webhooks & events), we always receive the user_id as part of the payload, which we can then use to give secure access to certain things based on the user. We need to be able to do the same thing for custom functions (without relying on a manually-entered input parameter).

Upvotes: 0

Views: 27

Answers (0)
