Update bokeh's influxdb queries to use 'bind_params'

[astrobokonon]

Used to avoid SQL-style injection attacks; I'll need to uproot all of the query construction code to do this, though, so it's a bit messy. Also requires the most up-to-date version of influxdb-python, v5.2.2 or greater.

[astrobokonon]

See the relevant bits in https://github.com/LowellObservatory/Camelot/blob/master/BokehMcBokehface/dctplots/dbQueries.py

[astrobokonon]

Looking at this again just now, I'm punting this to much later. It's high priority, but the underlying changes to the influxdb-python client seem to be not done yet.

The current implementation of bind_params is still undocumented (or, minimally documented) and only works in the WHERE clause. I can prepare pre-made/hardcoded queries, but that's a lot of work and I'd rather just wait to let more examples develop before I dive in...especially since my query constructor does still work, and our exposure is pretty minimal.

As a mitigation, I should work on getting the permissions back into the database. That would at least theoretically protect from stupid injection attacks.

[astrobokonon]

See also:

https://medium.com/sekoia-io-blog/avoiding-injections-with-influxdb-bind-parameters-50f67e379abb

As of 20190718, the official docs don't show this update.