fix: do not leak pg password to command line

[liambuchanan]

Description

Ensure that postgresql password is not included in command line params and is instead passed via the PGPASSWORD env var.

Notes

• We noticed this when we had a backup fail and the email sent to settings.ADMINS included the full database password
• I've tried to do this in a way that results in the smallest changeset possible
• I initially tried to use django.db.backends.postgresql.client.DatabaseClient.settings_to_cmd_args_env but it generates params that are not compatible with pg_restore

Checklist

Please update this checklist as you complete each item:

• Tests have been developed for bug fixes or new functionality.
• The changelog has been updated, if necessary.
• Documentation has been updated, if necessary.
• GitHub Issues closed by this PR have been linked.

_{By submitting this pull request I agree that all contributions comply with this project's open source license(s).}

[liambuchanan]

#384

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91.52%. Comparing base (8f1307e) to head (893ad7d).
Report is 28 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #560      +/-   ##
==========================================
+ Coverage   91.40%   91.52%   +0.11%     
==========================================
  Files          19       19              
  Lines         873      932      +59     
  Branches      157      161       +4     
==========================================
+ Hits          798      853      +55     
- Misses         40       43       +3     
- Partials       35       36       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Archmonger]

There appears to be a draft PR that is related: #385

Can you voice your opinion on this other implementation?

[liambuchanan]

Looks like it'd probably be fine but I haven't tried/tested it. imo advantages of this PR are:

1. makes minimal viable code change
2. adds tests for new functionality
3. ensures all existing tests pass
4. I've end-to-end tested locally
5. it's based on the most recent commit in the repo

[Archmonger]

Can be merged after adding a changelog entry.