For improved functionality, usability, and discoverability, we should complement readTrusted with

• isTrusted: take an SCM path, return true normally, false if in a branch project where this file has been modified by an untrusted user
• loadTrusted: like evaluate(readTrusted 'f') but producing a new block scope like the load step would

On the UX front I think there was also a request to boldface the message about Jenkinsfile being pulled from the trusted branch rather than the PR branch, since this behavior can be surprising and is not immediately obvious from a plain text log. Ideally we could just turn this into an error in case Jenkinsfile had been modified, but that could be considered an incompatible change; perhaps it could be an advanced setting on the repo/org level, defaulting to failure for newly created projects. (We could also consider a fallback flag to readTrusted that would let a script use the same relaxed behavior when loading any SCM file: read from the trusted branch.)