Picking up a small change to let us to set `sslmode` to ensure database
connection is properly encrypted.

The default mode is `prefer` and encryption is available on prod, so the
connections are almost certainly already encrypted. However in terms of
security, as the PG docs state, `prefer` is not the correct mode to use
since the client will blindly trust whatever certificate (or lack of
certificate) the server offers. We will need to bump this to at least
`require` (or even better, `verify-full`, assuming the CA is properly
configured) in prod.

fyi @ekassos