docker-compose config should be secure by default

Currently, the docker compose configuration doesn't set `APP_DEBUG=false`, or `APP_ENV=production`. This means a user accessing even something as simple as a page that doesn't exist (404) will see all environment variables, including database credentials, and other sensitive information, due to the Symfony exception page.