Hide (bad) database password from plain sight

This wasn't considered necessary before, since the database would never be accessible unless you had access to the container it runs on. However, it generally is a bad practice to leave passwords exposed in plain text. Therefore, this small set of changes was made.

(It also didn't help that the one who did all the setup had no idea how to use environment variables in docker-compose files, until the day after the main chunk of CI setup was done. By then this person was fed up and thought it'd be fine to let it be for a while.)

TODO: Make a .env file in the backend folder too, preventing the need to specify it every damn time. I guess.