Database password should be not visible to other processes

[Mic92]

Currently the password is not cleared from /proc/self/cmdline and visible to any other unprivileged process on the same machine, such as top:

Noticed here: NixOS/nixpkgs#39482 (comment)

[Chiiruno]

Probably having meguca create and read a config file would be ideal for this.

[Chiiruno]

Actually, I wonder if we might be able to read shadowed files. (Assuming Linux)

[bakape]

Probably having meguca create and read a config file would be ideal for this.

Yes, this is best. But I want to preserve the current flag functionality too, so maybe shaving everything except the process name from argv[0] with https://github.com/ErikDubbelboer/gspt is needed as well.

[bakape]

Notes to self:

• flags should override config file
• simple JSON config file in project root folder
• don't panic, if config file missing
• add to .gitignore
• the mode keyword (debug|start|stop|...) should remain unchanged

[bakape]

Also, I realized Postgres uses peer authentication by default and the password is not even needed on most systems.