postgresml/pgcat

Add support for handling sensitive data on pgcat.toml and dynamically adding users to pools

Opened this issue · 2 comments

Is your feature request related to a problem? Please describe.
Every user connecting through PgCat must be specified with their username and password in the pgcat.toml configuration file. This approach has two problems: 1) we are storing the username/password information in a plain text file, which is insecure, and 2) to add a user, one must manually update the pgcat.toml and rebuild the PgCat image.

Describe the solution you'd like
A way to dynamically set users without modifying the pgcat.toml configuration file. Also, leverage existing security practices like Docker secrets or Kubernetes secrets to get the sensitive data and dynamically change the pgcat.toml.

Describe alternatives you've considered
I considered a temporary solution for feature (2). I could load the users using Python's toml library and take each user and password from environments. How this works is each environment that starts with US_ will be added as a user with the corresponding PW_ password to the pgcat.toml. This allows us to pass the environment as secrets, and let the image inside add users and passwords.

Additional context
None

levkk commented

> and rebuild the PgCat Image.

You can instead do one of these:

  1. enable autoreload
  2. kill -HUP $(pgrep pgcat)
  3. issue a RELOAD query to the admin database

You don't need to rebuild an image of PgCat to update the config.

> docker secrets or Kubernetes secrets

This is deployment-specific and not coupled to pgcat. You can store the entire pgcat.toml as a Kubernetes secret.

Although it's no blocker on deploying PgCat, being able to inject some configurations by environment variables would still be great. In our deployment, we are storing the whole pgcat.toml as a Kubernetes secret, as you mentioned. Still, it would be better to version the configuration on Git (we are using GitOps) as a ConfigMap and only sensitive data, such as a database password, as secrets.
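
The US_/PW_ workaround from the issue, combined with the split asked for in the last comment (non-secret config versioned in Git, credentials injected from secrets), as an added example that is not code from the issue author or the PgCat project. The function names are hypothetical, and the `[pools.<pool>.users.<n>]` table layout with a `pool_size` key is an assumption about the pgcat.toml format.

```python
import json
import os
import re

USER_PREFIX, PASS_PREFIX = "US_", "PW_"  # naming scheme described in the issue


def collect_users(env):
    """Pair every US_<id> variable with its PW_<id>; fail closed if one is missing."""
    users = []
    for key in sorted(env):
        if not key.startswith(USER_PREFIX):
            continue
        ident = key[len(USER_PREFIX):]
        password = env.get(PASS_PREFIX + ident)
        if not env[key] or not password:
            # Name the variable only; never put a secret value in an error or log.
            raise ValueError(f"{key} has no usable {PASS_PREFIX}{ident}")
        users.append((env[key], password))
    return users


def toml_string(value):
    # JSON escaping of quotes, backslashes and newlines is also valid in a TOML basic string.
    return json.dumps(value, ensure_ascii=False)


def render_users(pool, env, pool_size=5):
    """Return TOML user tables for one pool (table layout is an assumption)."""
    if not re.fullmatch(r"[A-Za-z0-9_-]+", pool):
        raise ValueError("pool name must be a bare TOML key")
    blocks = []
    for index, (username, password) in enumerate(collect_users(env)):
        blocks.append(
            f"[pools.{pool}.users.{index}]\n"
            f"username = {toml_string(username)}\n"
            f"password = {toml_string(password)}\n"
            f"pool_size = {pool_size}\n"
        )
    return "\n".join(blocks)


def write_config(base_path, out_path, pool, env=os.environ):
    """Append secret-derived users to the versioned base config; output is owner-only."""
    with open(base_path, encoding="utf-8") as fh:
        text = fh.read().rstrip("\n") + "\n\n" + render_users(pool, env)
    fd = os.open(out_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as out:
        out.write(text)
    os.chmod(out_path, 0o600)  # also tightens a file that already existed
    return out_path
```

Run at container start, this keeps credentials out of the Git-tracked base file; a later change to the secrets can be applied by rewriting the output and using one of the reload options levkk lists above.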